diff --git a/.gitignore b/.gitignore index 4fec4f53..8dbdbe85 100644 --- a/.gitignore +++ b/.gitignore @@ -29,6 +29,7 @@ config*.yaml !config-example.yaml derp.yaml *.hujson +!hscontrol/policy/v2/testdata/*/*.hujson *.key /db.sqlite *.sqlite3 diff --git a/hscontrol/policy/v2/tailscale_acl_data_compat_test.go b/hscontrol/policy/v2/tailscale_acl_data_compat_test.go index 5c665575..ec56a408 100644 --- a/hscontrol/policy/v2/tailscale_acl_data_compat_test.go +++ b/hscontrol/policy/v2/tailscale_acl_data_compat_test.go @@ -27,6 +27,7 @@ import ( "github.com/juanfont/headscale/hscontrol/types" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "github.com/tailscale/hujson" "gorm.io/gorm" "tailscale.com/tailcfg" ) @@ -220,10 +221,14 @@ func loadACLTestFile(t *testing.T, path string) aclTestFile { content, err := os.ReadFile(path) require.NoError(t, err, "failed to read test file %s", path) + ast, err := hujson.Parse(content) + require.NoError(t, err, "failed to parse HuJSON in %s", path) + ast.Standardize() + var tf aclTestFile - err = json.Unmarshal(content, &tf) - require.NoError(t, err, "failed to parse test file %s", path) + err = json.Unmarshal(ast.Pack(), &tf) + require.NoError(t, err, "failed to unmarshal test file %s", path) return tf } @@ -255,13 +260,13 @@ func TestACLCompat(t *testing.T) { t.Parallel() files, err := filepath.Glob( - filepath.Join("testdata", "acl_results", "ACL-*.json"), + filepath.Join("testdata", "acl_results", "ACL-*.hujson"), ) require.NoError(t, err, "failed to glob test files") require.NotEmpty( t, files, - "no ACL-*.json test files found in testdata/acl_results/", + "no ACL-*.hujson test files found in testdata/acl_results/", ) t.Logf("Loaded %d ACL test files", len(files)) diff --git a/hscontrol/policy/v2/tailscale_grants_compat_test.go b/hscontrol/policy/v2/tailscale_grants_compat_test.go index f983aeff..c87f1fc3 100644 --- a/hscontrol/policy/v2/tailscale_grants_compat_test.go 
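Review bot: The three HuJSON lines added to loadACLTestFile are repeated verbatim in loadGrantTestFile, loadRoutesTestFile and loadSSHTestFile, so the four loaders can drift apart. A shared test helper would keep them in step, and the package-level `hujson.Standardize` covers parse, standardize and pack in one call: `content, err = hujson.Standardize(content)` followed by the existing `require.NoError`. Standardizing strips comments before `json.Unmarshal` runs, so as far as these loaders show, the `// Expected:` headers added to the fixtures are never checked. A loader comment such as `// Fixture comments are informational; only the JSON body is asserted.` would stop a reader from trusting a stale header over the data.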
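Review bot: With the pattern switched to `ACL-*.hujson`, a fixture left behind as `.json` (or added later with the old extension) is skipped silently, because `require.NotEmpty` only proves that at least one file matched. These fixtures pin policy behaviour, so a dropped file shrinks coverage without any test failing. A guard next to the glob would catch it: `stale, err := filepath.Glob(filepath.Join("testdata", "acl_results", "ACL-*.json"))`, `require.NoError(t, err)`, `require.Empty(t, stale, "unconverted .json fixtures remain")`. The same applies to the GRANT, ROUTES and SSH globs in the other three test files; TestACLCompat continues outside the hunk.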
+++ b/hscontrol/policy/v2/tailscale_grants_compat_test.go @@ -31,6 +31,7 @@ import ( "github.com/juanfont/headscale/hscontrol/policy/policyutil" "github.com/juanfont/headscale/hscontrol/types" "github.com/stretchr/testify/require" + "github.com/tailscale/hujson" "gorm.io/gorm" "tailscale.com/tailcfg" ) @@ -316,10 +317,14 @@ func loadGrantTestFile(t *testing.T, path string) grantTestFile { content, err := os.ReadFile(path) require.NoError(t, err, "failed to read test file %s", path) + ast, err := hujson.Parse(content) + require.NoError(t, err, "failed to parse HuJSON in %s", path) + ast.Standardize() + var tf grantTestFile - err = json.Unmarshal(content, &tf) - require.NoError(t, err, "failed to parse test file %s", path) + err = json.Unmarshal(ast.Pack(), &tf) + require.NoError(t, err, "failed to unmarshal test file %s", path) return tf } @@ -357,9 +362,9 @@ var grantSkipReasons = map[string]string{ func TestGrantsCompat(t *testing.T) { t.Parallel() - files, err := filepath.Glob(filepath.Join("testdata", "grant_results", "GRANT-*.json")) + files, err := filepath.Glob(filepath.Join("testdata", "grant_results", "GRANT-*.hujson")) require.NoError(t, err, "failed to glob test files") - require.NotEmpty(t, files, "no GRANT-*.json test files found in testdata/grant_results/") + require.NotEmpty(t, files, "no GRANT-*.hujson test files found in testdata/grant_results/") t.Logf("Loaded %d grant test files", len(files)) diff --git a/hscontrol/policy/v2/tailscale_routes_data_compat_test.go b/hscontrol/policy/v2/tailscale_routes_data_compat_test.go index ec37d9a7..4f11c319 100644 --- a/hscontrol/policy/v2/tailscale_routes_data_compat_test.go +++ b/hscontrol/policy/v2/tailscale_routes_data_compat_test.go @@ -25,6 +25,7 @@ import ( "github.com/juanfont/headscale/hscontrol/policy/policyutil" "github.com/juanfont/headscale/hscontrol/types" "github.com/stretchr/testify/require" + "github.com/tailscale/hujson" "gorm.io/gorm" "tailscale.com/tailcfg" ) 
@@ -71,10 +72,14 @@ func loadRoutesTestFile(t *testing.T, path string) routesTestFile { content, err := os.ReadFile(path) require.NoError(t, err, "failed to read test file %s", path) + ast, err := hujson.Parse(content) + require.NoError(t, err, "failed to parse HuJSON in %s", path) + ast.Standardize() + var tf routesTestFile - err = json.Unmarshal(content, &tf) - require.NoError(t, err, "failed to parse test file %s", path) + err = json.Unmarshal(ast.Pack(), &tf) + require.NoError(t, err, "failed to unmarshal test file %s", path) return tf } @@ -188,13 +193,13 @@ func TestRoutesCompat(t *testing.T) { t.Parallel() files, err := filepath.Glob( - filepath.Join("testdata", "routes_results", "ROUTES-*.json"), + filepath.Join("testdata", "routes_results", "ROUTES-*.hujson"), ) require.NoError(t, err, "failed to glob test files") require.NotEmpty( t, files, - "no ROUTES-*.json test files found in testdata/routes_results/", + "no ROUTES-*.hujson test files found in testdata/routes_results/", ) t.Logf("Loaded %d routes test files", len(files)) diff --git a/hscontrol/policy/v2/tailscale_ssh_data_compat_test.go b/hscontrol/policy/v2/tailscale_ssh_data_compat_test.go index 75c9420a..1197f69f 100644 --- a/hscontrol/policy/v2/tailscale_ssh_data_compat_test.go +++ b/hscontrol/policy/v2/tailscale_ssh_data_compat_test.go @@ -29,6 +29,7 @@ import ( "github.com/google/go-cmp/cmp/cmpopts" "github.com/juanfont/headscale/hscontrol/types" "github.com/stretchr/testify/require" + "github.com/tailscale/hujson" "gorm.io/gorm" "tailscale.com/tailcfg" ) 
@@ -191,10 +192,14 @@ func loadSSHTestFile(t *testing.T, path string) sshTestFile { content, err := os.ReadFile(path) require.NoError(t, err, "failed to read test file %s", path) + ast, err := hujson.Parse(content) + require.NoError(t, err, "failed to parse HuJSON in %s", path) + ast.Standardize() + var tf sshTestFile - err = json.Unmarshal(content, &tf) - require.NoError(t, err, "failed to parse test file %s", path) + err = json.Unmarshal(ast.Pack(), &tf) + require.NoError(t, err, "failed to unmarshal test file %s", path) return tf } @@ -226,13 +231,13 @@ func TestSSHDataCompat(t *testing.T) { t.Parallel() files, err := filepath.Glob( - filepath.Join("testdata", "ssh_results", "SSH-*.json"), + filepath.Join("testdata", "ssh_results", "SSH-*.hujson"), ) require.NoError(t, err, "failed to glob test files") require.NotEmpty( t, files, - "no SSH-*.json test files found in testdata/ssh_results/", + "no SSH-*.hujson test files found in testdata/ssh_results/", ) t.Logf("Loaded %d SSH test files", len(files)) diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A01.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/acl_results/ACL-A01.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-A01.hujson index 4aafe57f..6d7c9ee8 100644 --- a/hscontrol/policy/v2/testdata/acl_results/ACL-A01.json +++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A01.hujson @@ -1,3 +1,8 @@ +// ACL-A01 +// +// ACL: accept: src=['autogroup:member'] dst=['*:*'] +// +// Expected: Rules on 8 of 8 nodes { "test_id": "ACL-A01", "timestamp": "2026-03-17T14:16:33Z", diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A02.hujson similarity index 98% rename from hscontrol/policy/v2/testdata/acl_results/ACL-A02.json rename to hscontrol/policy/v2/testdata/acl_results/ACL-A02.hujson index 3a1cfe57..78fbb205 100644 
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-A02.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A02.hujson
@@ -1,3 +1,8 @@
+// ACL-A02
+//
+// ACL: accept: src=['autogroup:tagged'] dst=['*:*']
+//
+// Expected: Rules on 8 of 8 nodes
 {
 "test_id": "ACL-A02",
 "timestamp": "2026-03-17T14:16:44Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A03.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-A03.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-A03.hujson
index d8a96700..7af4bd7d 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-A03.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A03.hujson
@@ -1,3 +1,8 @@
+// ACL-A03
+//
+// ACL: accept: src=['autogroup:member', 'tag:client'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-A03",
 "timestamp": "2026-03-17T14:16:54Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A04.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-A04.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-A04.hujson
index 93da9c05..5018ca30 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-A04.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A04.hujson
@@ -1,3 +1,8 @@
+// ACL-A04
+//
+// ACL: accept: src=['*'] dst=['autogroup:self:*']
+//
+// Expected: Rules on user-kris, user-mon, user1
 {
 "test_id": "ACL-A04",
 "timestamp": "2026-03-17T14:17:04Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A05.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-A05.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-A05.hujson
index 13b8b048..0d9c2a62 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-A05.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A05.hujson
@@ -1,3 +1,8 @@
+// ACL-A05
+//
+// ACL: accept: src=['*'] dst=['autogroup:internet:*']
+//
+// Expected: No filter rules
 {
 "test_id": "ACL-A05",
 "timestamp": "2026-03-17T14:17:15Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A06.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-A06.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-A06.hujson
index 86d0c113..9c4eb374 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-A06.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A06.hujson
@@ -1,3 +1,8 @@
+// ACL-A06
+//
+// ACL: accept: src=['*'] dst=['autogroup:member:*']
+//
+// Expected: Rules on user-kris, user-mon, user1
 {
 "test_id": "ACL-A06",
 "timestamp": "2026-03-17T14:17:25Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A07.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-A07.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-A07.hujson
index f1821a5a..5ec2d15c 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-A07.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A07.hujson
@@ -1,3 +1,8 @@
+// ACL-A07
+//
+// ACL: accept: src=['*'] dst=['autogroup:self:*', 'tag:server:22']
+//
+// Expected: Rules on tagged-server, user-kris, user-mon, user1
 {
 "test_id": "ACL-A07",
 "timestamp": "2026-03-17T14:17:36Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A08.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-A08.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-A08.hujson
index ff4e4140..b66e7763 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-A08.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A08.hujson
@@ -1,3 +1,8 @@
+// ACL-A08
+//
+// ACL: accept: src=['*'] dst=['autogroup:tagged:*']
+//
+// Expected: Rules on exit-node, subnet-router, tagged-client, tagged-prod, tagged-server
 {
 "test_id": "ACL-A08",
 "timestamp": "2026-03-17T14:17:47Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A09.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A09.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-A09.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-A09.hujson
index d8b6e62d..032d83cd 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-A09.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A09.hujson
@@ -1,3 +1,8 @@
+// ACL-A09
+//
+// ACL: accept: src=['autogroup:member'] dst=['autogroup:self:*']
+//
+// Expected: Rules on user-kris, user-mon, user1
 {
 "test_id": "ACL-A09",
 "timestamp": "2026-03-17T14:17:57Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A10.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A10.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-A10.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-A10.hujson
index d5eb861c..b0445bb2 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-A10.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A10.hujson
@@ -1,3 +1,8 @@
+// ACL-A10
+//
+// ACL: accept: src=['kratail2tid@passkey'] dst=['autogroup:self:*']
+//
+// Expected: Rules on user1
 {
 "test_id": "ACL-A10",
 "timestamp": "2026-03-17T14:18:08Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A11.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A11.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-A11.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-A11.hujson
index dbb580c1..f86e6722 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-A11.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A11.hujson
@@ -1,3 +1,8 @@
+// ACL-A11
+//
+// ACL: accept: src=['group:admins'] dst=['autogroup:self:*']
+//
+// Expected: Rules on user1
 {
 "test_id": "ACL-A11",
 "timestamp": "2026-03-17T14:18:18Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A12.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A12.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-A12.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-A12.hujson
index 4c20a617..9d774e81 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-A12.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A12.hujson
@@ -1,3 +1,8 @@
+// ACL-A12
+//
+// ACL: accept: src=['*'] dst=['autogroup:self:22']
+//
+// Expected: Rules on user-kris, user-mon, user1
 {
 "test_id": "ACL-A12",
 "timestamp": "2026-03-17T14:18:28Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A13.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A13.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-A13.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-A13.hujson
index 5f3b8468..47287b98 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-A13.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A13.hujson
@@ -1,3 +1,8 @@
+// ACL-A13
+//
+// ACL: accept: src=['*'] dst=['autogroup:self:80-443']
+//
+// Expected: Rules on user-kris, user-mon, user1
 {
 "test_id": "ACL-A13",
 "timestamp": "2026-03-17T14:18:39Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A14.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A14.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-A14.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-A14.hujson
index 25e90b4e..e6daf80c 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-A14.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A14.hujson
@@ -1,3 +1,8 @@
+// ACL-A14
+//
+// ACL: accept: src=['*'] dst=['autogroup:self:22,80,443']
+//
+// Expected: Rules on user-kris, user-mon, user1
 {
 "test_id": "ACL-A14",
 "timestamp": "2026-03-17T14:18:49Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A15.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A15.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-A15.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-A15.hujson
index 709d1d4e..451f1371 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-A15.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A15.hujson
@@ -1,3 +1,8 @@
+// ACL-A15
+//
+// ACL: accept: src=['autogroup:member', 'autogroup:tagged'] dst=['*:*']
+//
+// Expected: Rules on 8 of 8 nodes
 {
 "test_id": "ACL-A15",
 "timestamp": "2026-03-17T14:19:00Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A16.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A16.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-A16.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-A16.hujson
index 3fac6fa3..3c335233 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-A16.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A16.hujson
@@ -1,3 +1,8 @@
+// ACL-A16
+//
+// ACL: accept: src=['autogroup:member', 'autogroup:tagged'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-A16",
 "timestamp": "2026-03-17T14:19:10Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-A17.json b/hscontrol/policy/v2/testdata/acl_results/ACL-A17.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-A17.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-A17.hujson
index ee94df33..961984da 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-A17.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-A17.hujson
@@ -1,3 +1,8 @@
+// ACL-A17
+//
+// ACL: accept: src=['*'] dst=['autogroup:self:*', 'tag:server:22', 'autogroup:member:80']
+//
+// Expected: Rules on tagged-server, user-kris, user-mon, user1
 {
 "test_id": "ACL-A17",
 "timestamp": "2026-03-17T14:19:21Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AH01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AH01.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-AH01.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-AH01.hujson
index 8ccb1a00..752eec0b 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-AH01.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AH01.hujson
@@ -1,3 +1,8 @@
+// ACL-AH01
+//
+// ACL: accept: src=['internal', 'subnet24'] dst=['*:*']
+//
+// Expected: Rules on 8 of 8 nodes
 {
 "test_id": "ACL-AH01",
 "timestamp": "2026-03-17T14:19:31Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AH02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AH02.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-AH02.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-AH02.hujson
index 6acdad4a..60ff7475 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-AH02.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AH02.hujson
@@ -1,3 +1,8 @@
+// ACL-AH02
+//
+// ACL: accept: src=['internal', '100.108.74.26'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-AH02",
 "timestamp": "2026-03-17T14:19:42Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AH03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AH03.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-AH03.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-AH03.hujson
index 86941b6e..b1479894 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-AH03.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AH03.hujson
@@ -1,3 +1,8 @@
+// ACL-AH03
+//
+// ACL: accept: src=['*'] dst=['internal:22', 'subnet24:80', 'tag:server:443']
+//
+// Expected: Rules on subnet-router, tagged-server
 {
 "test_id": "ACL-AH03",
 "timestamp": "2026-03-17T14:19:52Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AH04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AH04.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-AH04.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-AH04.hujson
index c21eeb6e..98f50e2b 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-AH04.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AH04.hujson
@@ -1,3 +1,8 @@
+// ACL-AH04
+//
+// ACL: accept: src=['internal', '10.0.0.0/8'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-AH04",
 "timestamp": "2026-03-17T14:20:02Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AH05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AH05.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-AH05.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-AH05.hujson
index b58cc483..faec62f4 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-AH05.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AH05.hujson
@@ -1,3 +1,8 @@
+// ACL-AH05
+//
+// ACL: accept: src=['*'] dst=['internal:22']
+//
+// Expected: Rules on subnet-router
 {
 "test_id": "ACL-AH05",
 "timestamp": "2026-03-17T14:20:13Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AH06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AH06.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-AH06.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-AH06.hujson
index 6f07797e..bba92897 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-AH06.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AH06.hujson
@@ -1,3 +1,8 @@
+// ACL-AH06
+//
+// ACL: accept: src=['*'] dst=['10.0.0.0/8:22']
+//
+// Expected: Rules on subnet-router
 {
 "test_id": "ACL-AH06",
 "timestamp": "2026-03-17T14:20:23Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AR01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AR01.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-AR01.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-AR01.hujson
index 66928505..8c3776aa 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-AR01.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AR01.hujson
@@ -1,3 +1,10 @@
+// ACL-AR01
+//
+// ACLs:
+// accept: src=['tag:client'] dst=['tag:server:22']
+// accept: src=['tag:client'] dst=['tag:server:80,443']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-AR01",
 "timestamp": "2026-03-17T14:20:34Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AR02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AR02.hujson
similarity index 95%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-AR02.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-AR02.hujson
index 3aae4a2d..1e12094a 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-AR02.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AR02.hujson
@@ -1,3 +1,11 @@
+// ACL-AR02
+//
+// ACLs:
+// accept: src=['tag:client'] dst=['tag:server:22']
+// accept: src=['tag:client'] dst=['tag:server:80,443']
+// accept: src=['*'] dst=['tag:server:53'] proto=udp
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-AR02",
 "timestamp": "2026-03-17T14:20:44Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AR03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AR03.hujson
similarity index 95%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-AR03.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-AR03.hujson
index 7a913a60..48d2901c 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-AR03.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AR03.hujson
@@ -1,3 +1,11 @@
+// ACL-AR03
+//
+// ACLs:
+// accept: src=['tag:client'] dst=['tag:server:22']
+// accept: src=['tag:client'] dst=['tag:server:80']
+// accept: src=['tag:client'] dst=['tag:server:443']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-AR03",
 "timestamp": "2026-03-17T14:20:55Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AR04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AR04.hujson
similarity index 95%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-AR04.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-AR04.hujson
index 381dacb5..a18e679f 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-AR04.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AR04.hujson
@@ -1,3 +1,11 @@
+// ACL-AR04
+//
+// ACLs:
+// accept: src=['tag:client'] dst=['tag:server:22']
+// accept: src=['tag:prod'] dst=['tag:server:22']
+// accept: src=['tag:router'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-AR04",
 "timestamp": "2026-03-17T14:21:05Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AR05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AR05.hujson
similarity index 95%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-AR05.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-AR05.hujson
index 8f46b6b5..b4eb5f27 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-AR05.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AR05.hujson
@@ -1,3 +1,12 @@
+// ACL-AR05
+//
+// ACLs:
+// accept: src=['tag:client'] dst=['tag:server:22']
+// accept: src=['tag:client'] dst=['tag:server:80']
+// accept: src=['tag:prod'] dst=['tag:server:22']
+// accept: src=['tag:prod'] dst=['tag:server:443']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-AR05",
 "timestamp": "2026-03-17T14:21:16Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AR06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AR06.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-AR06.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-AR06.hujson
index c24e37c2..ee770f44 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-AR06.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AR06.hujson
@@ -1,3 +1,10 @@
+// ACL-AR06
+//
+// ACLs:
+// accept: src=['tag:client'] dst=['tag:server:22']
+// accept: src=['*'] dst=['tag:server:80']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-AR06",
 "timestamp": "2026-03-17T14:21:26Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AT01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AT01.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-AT01.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-AT01.hujson
index 77be1c17..e3387743 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-AT01.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AT01.hujson
@@ -1,3 +1,8 @@
+// ACL-AT01
+//
+// ACL: accept: src=['tag:server', 'tag:client', 'tag:prod', 'tag:router', 'tag:exit'] dst=['*:*']
+//
+// Expected: Rules on 8 of 8 nodes
 {
 "test_id": "ACL-AT01",
 "timestamp": "2026-03-17T14:21:36Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AT02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AT02.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-AT02.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-AT02.hujson
index 05f7efe9..ecf74fbb 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-AT02.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AT02.hujson
@@ -1,3 +1,8 @@
+// ACL-AT02
+//
+// ACL: accept: src=['*'] dst=['tag:server:22', 'tag:client:22', 'tag:prod:22', 'tag:router:22', 'tag:exit:22']
+//
+// Expected: Rules on exit-node, subnet-router, tagged-client, tagged-prod, tagged-server
 {
 "test_id": "ACL-AT02",
 "timestamp": "2026-03-17T14:21:47Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AT03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AT03.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-AT03.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-AT03.hujson
index 454521ac..899df47f 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-AT03.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AT03.hujson
@@ -1,3 +1,8 @@
+// ACL-AT03
+//
+// ACL: accept: src=['tag:server', 'tag:client', 'tag:prod', 'tag:router', 'tag:exit'] dst=['autogroup:member:22']
+//
+// Expected: Rules on user-kris, user-mon, user1
 {
 "test_id": "ACL-AT03",
 "timestamp": "2026-03-17T14:21:57Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AT04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AT04.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-AT04.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-AT04.hujson
index bc50ab9a..392ec196 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-AT04.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AT04.hujson
@@ -1,3 +1,10 @@
+// ACL-AT04
+//
+// ACLs:
+// accept: src=['autogroup:tagged'] dst=['tag:server:22']
+// accept: src=['autogroup:member'] dst=['tag:server:80']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-AT04",
 "timestamp": "2026-03-17T14:22:08Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AT05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AT05.hujson
similarity index 95%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-AT05.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-AT05.hujson
index ac083035..d98bd4ad 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-AT05.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AT05.hujson
@@ -1,3 +1,10 @@
+// ACL-AT05
+//
+// ACLs:
+// accept: src=['tag:client'] dst=['tag:server:22']
+// accept: src=['tag:server'] dst=['tag:client:22']
+//
+// Expected: Rules on tagged-client, tagged-server
 {
 "test_id": "ACL-AT05",
 "timestamp": "2026-03-17T14:22:18Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AT06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AT06.hujson
similarity index 94%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-AT06.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-AT06.hujson
index f04eb600..25a76edd 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-AT06.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AT06.hujson
@@ -1,3 +1,12 @@
+// ACL-AT06
+//
+// ACLs:
+// accept: src=['tag:client'] dst=['tag:server:22']
+// accept: src=['tag:server'] dst=['tag:prod:5432']
+// accept: src=['tag:prod'] dst=['tag:client:80']
+// accept: src=['tag:client'] dst=['tag:prod:443']
+//
+// Expected: Rules on tagged-client, tagged-prod, tagged-server
 {
 "test_id": "ACL-AT06",
 "timestamp": "2026-03-17T14:22:29Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AU01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AU01.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-AU01.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-AU01.hujson
index 7c35a1e7..2f5f50a1 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-AU01.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AU01.hujson
@@ -1,3 +1,8 @@
+// ACL-AU01
+//
+// ACL: accept: src=['kristoffer@dalby.cc'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-AU01",
 "timestamp": "2026-03-17T14:22:39Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AU02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AU02.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-AU02.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-AU02.hujson
index bc354805..353211fa 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-AU02.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AU02.hujson
@@ -1,3 +1,8 @@
+// ACL-AU02
+//
+// ACL: accept: src=['monitorpasskeykradalby@passkey'] dst=['tag:prod:5432']
+//
+// Expected: Rules on tagged-prod
 {
 "test_id": "ACL-AU02",
 "timestamp": "2026-03-17T14:22:49Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AU03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AU03.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-AU03.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-AU03.hujson
index 71e87c8b..6a8db0d4 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-AU03.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AU03.hujson
@@ -1,3 +1,8 @@
+// ACL-AU03
+//
+// ACL: accept: src=['group:developers'] dst=['tag:server:22', 'tag:prod:5432']
+//
+// Expected: Rules on tagged-prod, tagged-server
 {
 "test_id": "ACL-AU03",
 "timestamp": "2026-03-17T14:23:00Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AU04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AU04.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-AU04.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-AU04.hujson
index 29df0930..86d6bafa 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-AU04.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AU04.hujson
@@ -1,3 +1,8 @@
+// ACL-AU04
+//
+// ACL: accept: src=['*'] dst=['group:developers:22']
+//
+// Expected: Rules on user-kris, user1
 {
 "test_id": "ACL-AU04",
 "timestamp": "2026-03-17T14:23:10Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AU05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AU05.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-AU05.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-AU05.hujson
index 715fef25..ae894706 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-AU05.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AU05.hujson
@@ -1,3 +1,8 @@
+// ACL-AU05
+//
+// ACL: accept: src=['*'] dst=['group:monitors:*']
+//
+// Expected: Rules on user-mon
 {
 "test_id": "ACL-AU05",
 "timestamp": "2026-03-17T14:23:21Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-AU06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-AU06.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-AU06.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-AU06.hujson
index 9a1394f3..d87204d4 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-AU06.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-AU06.hujson
@@ -1,3 +1,8 @@
+// ACL-AU06
+//
+// ACL: accept: src=['group:admins', 'group:developers', 'group:monitors'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-AU06",
 "timestamp": "2026-03-17T14:23:31Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-C01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-C01.hujson
similarity index 95%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-C01.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-C01.hujson
index c5c679ba..b0449557 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-C01.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-C01.hujson
@@ -1,3 +1,11 @@
+// ACL-C01
+//
+// ACLs:
+// accept: src=['tag:client'] dst=['tag:server:22']
+// accept: src=['autogroup:member'] dst=['tag:server:80']
+// accept: src=['*'] dst=['tag:prod:5432']
+//
+// Expected: Rules on tagged-prod, tagged-server
 {
 "test_id": "ACL-C01",
 "timestamp": "2026-03-17T14:23:42Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-C02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-C02.hujson
similarity index 95%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-C02.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-C02.hujson
index 756fe3a7..023bcede 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-C02.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-C02.hujson
@@ -1,3 +1,11 @@
+// ACL-C02
+//
+// ACLs:
+// accept: src=['tag:client', 'autogroup:member'] dst=['tag:server:22']
+// accept: src=['tag:prod'] dst=['tag:server:80']
+// accept: src=['group:admins'] dst=['tag:prod:5432']
+//
+// Expected: Rules on tagged-prod, tagged-server
 {
 "test_id": "ACL-C02",
 "timestamp": "2026-03-17T14:23:52Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-C03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-C03.hujson
similarity index 95%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-C03.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-C03.hujson
index 837043f0..8c6a47f9 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-C03.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-C03.hujson
@@ -1,3 +1,10 @@
+// ACL-C03
+//
+// ACLs:
+// accept: src=['tag:client'] dst=['tag:server:22', 'tag:prod:5432', 'webserver:80']
+// accept: src=['autogroup:member'] dst=['autogroup:self:*']
+//
+// Expected: Rules on tagged-prod, tagged-server, user-kris, user-mon, user1
 {
 "test_id": "ACL-C03",
 "timestamp": "2026-03-17T14:24:03Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-C04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-C04.hujson
similarity index 94%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-C04.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-C04.hujson
index c8197e5e..21f979ce 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-C04.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-C04.hujson
@@ -1,3 +1,12 @@
+// ACL-C04
+//
+// ACLs:
+// accept: src=['tag:client'] dst=['tag:server:22']
+// accept: src=['tag:server'] dst=['tag:prod:5432']
+// accept: src=['autogroup:member'] dst=['autogroup:self:*']
+// accept: src=['*'] dst=['autogroup:internet:*']
+//
+// Expected: Rules on tagged-prod, tagged-server, user-kris, user-mon, user1
 {
 "test_id": "ACL-C04",
 "timestamp": "2026-03-17T14:24:13Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-C05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-C05.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-C05.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-C05.hujson
index cccdb09b..88d66a87 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-C05.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-C05.hujson
@@ -1,3 +1,8 @@
+// ACL-C05
+//
+// ACL: accept: src=['*'] dst=['tag:server:22', 'tag:prod:5432', 'tag:client:80', 'tag:router:*', 'tag:exit:*', 'autogroup:member:443', 'autogroup:self:*']
+//
+// Expected: Rules on 8 of 8 nodes
 {
 "test_id": "ACL-C05",
 "timestamp": "2026-03-17T14:24:23Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-C06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-C06.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-C06.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-C06.hujson
index 9978a238..74a0be1b 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-C06.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-C06.hujson
@@ -1,3 +1,8 @@
+// ACL-C06
+//
+// ACL: accept: src=['tag:client', 'tag:prod', 'tag:server', 'autogroup:member', 'group:admins'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-C06",
 "timestamp": "2026-03-17T14:24:34Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-C07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-C07.hujson
similarity index 94%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-C07.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-C07.hujson
index 83205b4b..aedd2985 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-C07.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-C07.hujson
@@ -1,3 +1,12 @@
+// ACL-C07
+//
+// ACLs:
+// accept: src=['tag:client'] dst=['tag:server:22']
+// accept: src=['tag:client'] dst=['tag:server:80']
+// accept: src=['tag:client'] dst=['tag:server:443']
+// accept: src=['tag:client'] dst=['tag:server:8080']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-C07",
 "timestamp": "2026-03-17T14:24:44Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-C08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-C08.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-C08.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-C08.hujson
index 4c8c996d..e6d5e69a 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-C08.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-C08.hujson
@@ -1,3 +1,8 @@
+// ACL-C08
+//
+// ACL: accept: src=['*'] dst=['tag:server:22', 'tag:prod:22', 'tag:client:22', 'tag:router:22', 'tag:exit:22']
+//
+// Expected: Rules on exit-node, subnet-router, tagged-client, tagged-prod, tagged-server
 {
 "test_id": "ACL-C08",
 "timestamp": "2026-03-17T14:24:55Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-C09.json b/hscontrol/policy/v2/testdata/acl_results/ACL-C09.hujson
similarity index 95%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-C09.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-C09.hujson
index 9a3e239f..c0b3ea2a 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-C09.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-C09.hujson
@@ -1,3 +1,12 @@
+// ACL-C09
+//
+// ACLs:
+// accept: src=['tag:client'] dst=['tag:server:22']
+// accept: src=['tag:client'] dst=['tag:prod:22']
+// accept: src=['tag:server'] dst=['tag:prod:5432']
+// ... (6 rules total)
+//
+// Expected: Rules on subnet-router, tagged-prod, tagged-server, user-kris, user-mon, user1
 {
 "test_id": "ACL-C09",
 "timestamp": "2026-03-17T14:25:05Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-C10.json b/hscontrol/policy/v2/testdata/acl_results/ACL-C10.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-C10.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-C10.hujson
index 99e40d90..74c0deec 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-C10.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-C10.hujson
@@ -1,3 +1,11 @@
+// ACL-C10
+//
+// ACLs:
+// accept: src=['autogroup:member'] dst=['autogroup:self:*']
+// accept: src=['autogroup:member'] dst=['tag:server:22', 'tag:prod:5432']
+// accept: src=['autogroup:tagged'] dst=['autogroup:tagged:*']
+//
+// Expected: Rules on 8 of 8 nodes
 {
 "test_id": "ACL-C10",
 "timestamp": "2026-03-17T14:25:16Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-D01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-D01.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-D01.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-D01.hujson
index b59a900f..2f960bee 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-D01.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-D01.hujson
@@ -1,3 +1,10 @@
+// ACL-D01
+//
+// ACLs:
+// accept: src=['tag:client'] dst=['tag:server:22']
+// accept: src=['*'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-D01",
 "timestamp": "2026-03-17T14:25:26Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-D02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-D02.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-D02.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-D02.hujson
index 8ed62f0b..f931be28 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-D02.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-D02.hujson
@@ -1,3 +1,8 @@
+// ACL-D02
+//
+// ACL: accept: src=['tag:client'] dst=['tag:server:22', 'webserver:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-D02",
 "timestamp": "2026-03-17T14:25:37Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-D03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-D03.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-D03.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-D03.hujson
index 489b703c..ed23fd27 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-D03.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-D03.hujson
@@ -1,3 +1,8 @@
+// ACL-D03
+//
+// ACL: accept: src=['100.108.74.26', 'tag:server'] dst=['*:*']
+//
+// Expected: Rules on 8 of 8 nodes
 {
 "test_id": "ACL-D03",
 "timestamp": "2026-03-17T14:25:47Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-D04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-D04.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-D04.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-D04.hujson
index 1a706e02..df03b84c 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-D04.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-D04.hujson
@@ -1,3 +1,8 @@
+// ACL-D04
+//
+// ACL: accept: src=['100.108.74.26', 'webserver'] dst=['*:*']
+//
+// Expected: Rules on 8 of 8 nodes
 {
 "test_id": "ACL-D04",
 "timestamp": "2026-03-17T14:25:57Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-D05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-D05.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-D05.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-D05.hujson
index 77e504d3..c1c1a7ad 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-D05.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-D05.hujson
@@ -1,3 +1,8 @@
+// ACL-D05
+//
+// ACL: accept: src=['*'] dst=['100.108.74.26:22', 'tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-D05",
 "timestamp": "2026-03-17T14:26:08Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-D06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-D06.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-D06.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-D06.hujson
index 28add351..f859ac5e 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-D06.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-D06.hujson
@@ -1,3 +1,8 @@
+// ACL-D06
+//
+// ACL: accept: src=['*'] dst=['100.108.74.26:22', 'webserver:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-D06",
 "timestamp": "2026-03-17T14:26:18Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-D07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-D07.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-D07.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-D07.hujson
index 964d2052..439b5bf7 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-D07.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-D07.hujson
@@ -1,3 +1,8 @@
+// ACL-D07
+//
+// ACL: accept: src=['autogroup:member', 'autogroup:tagged'] dst=['*:*']
+//
+// Expected: Rules on 8 of 8 nodes
 {
 "test_id": "ACL-D07",
 "timestamp": "2026-03-17T14:26:29Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-D08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-D08.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-D08.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-D08.hujson
index 876e842e..3289ea33 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-D08.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-D08.hujson
@@ -1,3 +1,10 @@
+// ACL-D08
+//
+// ACLs:
+// accept: src=['*'] dst=['autogroup:self:*']
+// accept: src=['kratail2tid@passkey'] dst=['kratail2tid@passkey:*']
+//
+// Expected: Rules on user-kris, user-mon, user1
 {
 "test_id": "ACL-D08",
 "timestamp": "2026-03-17T14:26:39Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-E01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-E01.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-E01.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-E01.hujson
index 3be67491..c7cd6384 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-E01.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-E01.hujson
@@ -1,3 +1,8 @@
+// ACL-E01
+//
+// ACL: accept: src=['100.108.74.26'] dst=['*:*']
+//
+// Expected: Rules on 8 of 8 nodes
 {
 "test_id": "ACL-E01",
 "timestamp": "2026-03-17T14:26:50Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-E02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-E02.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-E02.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-E02.hujson
index e3e72163..69b23872 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-E02.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-E02.hujson
@@ -1,3 +1,8 @@
+// ACL-E02
+//
+// ACL: accept: src=['tag:server'] dst=['*:*']
+//
+// Expected: Rules on 8 of 8 nodes
 {
 "test_id": "ACL-E02",
 "timestamp": "2026-03-17T14:27:00Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-E03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-E03.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-E03.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-E03.hujson
index 09b18ac1..e771f0a3 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-E03.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-E03.hujson
@@ -1,3 +1,8 @@
+// ACL-E03
+//
+// ACL: accept: src=['webserver'] dst=['*:*']
+//
+// Expected: Rules on 8 of 8 nodes
 {
 "test_id": "ACL-E03",
 "timestamp": "2026-03-17T14:27:11Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-E04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-E04.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-E04.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-E04.hujson
index 93629c30..5aff3a18 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-E04.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-E04.hujson
@@ -1,3 +1,8 @@
+// ACL-E04
+//
+// ACL: accept: src=['*'] dst=['100.108.74.26:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-E04",
 "timestamp": "2026-03-17T14:27:21Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-E05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-E05.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-E05.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-E05.hujson
index 60527fd9..bf8b182e 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-E05.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-E05.hujson
@@ -1,3 +1,8 @@
+// ACL-E05
+//
+// ACL: accept: src=['*'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-E05",
 "timestamp": "2026-03-17T14:27:32Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-E06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-E06.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-E06.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-E06.hujson
index 0566c82e..1e339772 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-E06.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-E06.hujson
@@ -1,3 +1,8 @@
+// ACL-E06
+//
+// ACL: accept: src=['*'] dst=['webserver:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-E06",
 "timestamp": "2026-03-17T14:27:42Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-E07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-E07.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-E07.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-E07.hujson
index e7a37f9f..ea54c36c 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-E07.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-E07.hujson
@@ -1,3 +1,8 @@
+// ACL-E07
+//
+// ACL: accept: src=['kratail2tid@passkey'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-E07",
 "timestamp": "2026-03-17T14:27:52Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-E08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-E08.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-E08.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-E08.hujson
index f9d12dc6..3f7b4ee7 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-E08.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-E08.hujson
@@ -1,3 +1,8 @@
+// ACL-E08
+//
+// ACL: accept: src=['group:admins'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-E08",
 "timestamp": "2026-03-17T14:28:03Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-E09.json b/hscontrol/policy/v2/testdata/acl_results/ACL-E09.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-E09.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-E09.hujson
index 0dab66ea..adabc8f5 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-E09.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-E09.hujson
@@ -1,3 +1,8 @@
+// ACL-E09
+//
+// ACL: accept: src=['kratail2tid@passkey', 'group:admins'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-E09",
 "timestamp": "2026-03-17T14:28:13Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR01.hujson
similarity index 90%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-ERR01.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-ERR01.hujson
index f327419b..895c04f9 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR01.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR01.hujson
@@ -1,3 +1,8 @@
+// ACL-ERR01
+//
+// ACL: accept: src=['tag:nonexistent'] dst=['tag:server:22']
+//
+// Expected: Error — src=tag not found: "tag:nonexistent"
 {
 "test_id": "ACL-ERR01",
 "timestamp": "2026-03-17T14:28:24Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR02.hujson
similarity index 89%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-ERR02.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-ERR02.hujson
index 1eebf587..1fb9b6d4 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR02.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR02.hujson
@@ -1,3 +1,8 @@
+// ACL-ERR02
+//
+// ACL: accept: src=['autogroup:self'] dst=['tag:server:22']
+//
+// Expected: Error — "autogroup:self" not valid on the src side of a rule
 {
 "test_id": "ACL-ERR02",
 "timestamp": "2026-03-17T14:28:24Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR03.hujson
similarity index 89%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-ERR03.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-ERR03.hujson
index 5c6a5100..3131e042 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR03.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR03.hujson
@@ -1,3 +1,8 @@
+// ACL-ERR03
+//
+// ACL: accept: src=['*'] dst=['autogroup:self']
+//
+// Expected: Error — dst="autogroup:self": port range "self": invalid first integer
 {
 "test_id": "ACL-ERR03",
 "timestamp": "2026-03-17T14:28:24Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR04.hujson
similarity index 91%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-ERR04.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-ERR04.hujson
index fd7387ee..cd8d824e 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR04.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR04.hujson
@@ -1,3 +1,8 @@
+// ACL-ERR04
+//
+// ACL: accept: src=['tag:nonexistent'] dst=['*:*']
+//
+// Expected: Error — src=tag not found: "tag:nonexistent"
 {
 "test_id": "ACL-ERR04",
 "timestamp": "2026-03-17T14:28:25Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR05.hujson
similarity index 90%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-ERR05.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-ERR05.hujson
index 105363fe..5a1c892c 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR05.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR05.hujson
@@ -1,3 +1,8 @@
+// ACL-ERR05
+//
+// ACL: accept: src=['*'] dst=['tag:nonexistent:22']
+//
+// Expected: Error — dst="tag:nonexistent": tag not found: "tag:nonexistent"
 {
 "test_id": "ACL-ERR05",
 "timestamp": "2026-03-17T14:28:25Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR06.hujson
similarity index 91%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-ERR06.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-ERR06.hujson
index aeb01305..6e410e78 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR06.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR06.hujson
@@ -1,3 +1,8 @@
+// ACL-ERR06
+//
+// ACL: deny: src=['tag:client'] dst=['tag:server:22']
+//
+// Expected: Error — action="deny" is not supported
 {
 "test_id": "ACL-ERR06",
 "timestamp": "2026-03-17T14:28:25Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR07.hujson
similarity index 90%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-ERR07.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-ERR07.hujson
index 669e7a06..7d271710 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR07.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR07.hujson
@@ -1,3 +1,8 @@
+// ACL-ERR07
+//
+// ACL: accept: src=['*'] dst=['tag:server:ssh']
+//
+// Expected: Error — dst="tag:server:ssh": port range "ssh": invalid first integer
 {
 "test_id": "ACL-ERR07",
 "timestamp": "2026-03-17T14:28:29Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR08.hujson
similarity index 86%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-ERR08.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-ERR08.hujson
index f0abcb87..f0406693 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR08.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR08.hujson
@@ -1,3 +1,10 @@
+// ACL-ERR08
+//
+// ACLs:
+// accept: src=['*'] dst=['autogroup:self:*']
+// accept: src=['tag:client'] dst=['autogroup:self:22']
+//
+// Expected: Error — autogroup:self can only be used with users, groups, or supported autogroups
 {
 "test_id": "ACL-ERR08",
 "timestamp": "2026-03-17T14:28:34Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR09.json b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR09.hujson
similarity index 86%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-ERR09.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-ERR09.hujson
index a617c402..cbbc0b1b 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-ERR09.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-ERR09.hujson
@@ -1,3 +1,10 @@
+// ACL-ERR09
+//
+// ACLs:
+// accept: src=['*'] dst=['autogroup:self:*']
+// accept: src=['autogroup:tagged'] dst=['autogroup:self:22']
+//
+// Expected: Error — autogroup:self can only be used with users, groups, or supported autogroups
 {
 "test_id": "ACL-ERR09",
 "timestamp": "2026-03-17T14:28:39Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-H01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-H01.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-H01.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-H01.hujson
index c2456430..5a7e3391 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-H01.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-H01.hujson
@@ -1,3 +1,8 @@
+// ACL-H01
+//
+// ACL: accept: src=['*'] dst=['webserver:80']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-H01",
 "timestamp": "2026-03-17T14:28:44Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-H02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-H02.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-H02.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-H02.hujson
index 5bfc732f..91ef5e84 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-H02.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-H02.hujson
@@ -1,3 +1,8 @@
+// ACL-H02
+//
+// ACL: accept: src=['webserver'] dst=['*:*']
+//
+// Expected: Rules on 8 of 8 nodes
 {
 "test_id": "ACL-H02",
 "timestamp": "2026-03-17T14:28:59Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-H03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-H03.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-H03.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-H03.hujson
index bbb79e43..9f6c2cdf 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-H03.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-H03.hujson
@@ -1,3 +1,8 @@
+// ACL-H03
+//
+// ACL: accept: src=['internal'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-H03",
 "timestamp": "2026-03-17T14:29:10Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-H04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-H04.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-H04.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-H04.hujson
index 357829f0..1e3f6278 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-H04.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-H04.hujson
@@ -1,3 +1,8 @@
+// ACL-H04
+//
+// ACL: accept: src=['*'] dst=['internal:22']
+//
+// Expected: Rules on subnet-router
 {
 "test_id": "ACL-H04",
 "timestamp": "2026-03-17T14:29:20Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-H05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-H05.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-H05.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-H05.hujson
index 0c29d0c9..862bbff1 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-H05.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-H05.hujson
@@ -1,3 +1,8 @@
+// ACL-H05
+//
+// ACL: accept: src=['*'] dst=['webserver:22', 'prodbox:5432']
+//
+// Expected: Rules on tagged-prod, tagged-server
 {
 "test_id": "ACL-H05",
 "timestamp": "2026-03-17T14:29:31Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-H06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-H06.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-H06.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-H06.hujson
index 5ecca2e2..fb82cf07 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-H06.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-H06.hujson
@@ -1,3 +1,8 @@
+// ACL-H06
+//
+// ACL: accept: src=['webserver', 'tag:client'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-H06",
 "timestamp": "2026-03-17T14:29:41Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-H07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-H07.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-H07.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-H07.hujson
index 99b7d1c0..eefabf1c 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-H07.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-H07.hujson
@@ -1,3 +1,8 @@
+// ACL-H07
+//
+// ACL: accept: src=['group:admins'] dst=['webserver:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-H07",
 "timestamp": "2026-03-17T14:29:52Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-H08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-H08.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-H08.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-H08.hujson
index 9ba835f9..25b86b41 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-H08.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-H08.hujson
@@ -1,3 +1,8 @@
+// ACL-H08
+//
+// ACL: accept: src=['*'] dst=['subnet24:80']
+//
+// Expected: No filter rules
 {
 "test_id": "ACL-H08",
 "timestamp": "2026-03-17T14:30:02Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-K01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-K01.hujson
similarity index 95%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-K01.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-K01.hujson
index 15509cab..3302edd2 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-K01.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-K01.hujson
@@ -1,3 +1,8 @@
+// ACL-K01
+//
+// ACL: accept: src=['*', 'autogroup:member', 'autogroup:tagged', 'group:admins', 'tag:client', 'webserver', '100.90.199.68'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-K01",
 "timestamp": "2026-03-17T14:30:13Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-K02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-K02.hujson
similarity index 95%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-K02.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-K02.hujson
index f72a6e71..589f94db 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-K02.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-K02.hujson
@@ -1,3 +1,8 @@
+// ACL-K02
+//
+// ACL: accept: src=['tag:client'] dst=['tag:server:22', 'tag:prod:5432', 'webserver:80', 'prodbox:443', 'group:admins:8080', 'kratail2tid@passkey:3000', '100.108.74.26:9000']
+//
+// Expected: Rules on tagged-prod, tagged-server, user1
 {
 "test_id": "ACL-K02",
 "timestamp": "2026-03-17T14:30:23Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-K03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-K03.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-K03.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-K03.hujson
index 49185560..5e948860 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-K03.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-K03.hujson
@@ -1,3 +1,8 @@
+// ACL-K03
+//
+// ACL: accept: src=['autogroup:member', 'autogroup:tagged', 'group:admins', 'group:developers', 'kratail2tid@passkey', 'tag:client', 'tag:prod', 'tag:server', 'webserver', 'prodbox'] dst=['*:*']
+//
+// Expected: Rules on 8 of 8 nodes
 {
 "test_id": "ACL-K03",
 "timestamp": "2026-03-17T14:30:34Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-K04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-K04.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-K04.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-K04.hujson
index fbfbfa63..5cfa2755 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-K04.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-K04.hujson
@@ -1,3 +1,8 @@
+// ACL-K04
+//
+// ACL: accept: src=['*'] dst=['tag:server:22', 'tag:server:80', 'tag:server:443', 'tag:prod:5432', 'tag:prod:3306', 'tag:client:80', 'tag:client:443', 'webserver:8080', 'prodbox:8080']
+//
+// Expected: Rules on tagged-client, tagged-prod, tagged-server
 {
 "test_id": "ACL-K04",
 "timestamp": "2026-03-17T14:30:44Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-K05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-K05.hujson
similarity index 94%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-K05.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-K05.hujson
index 898a7e93..fb717a68 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-K05.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-K05.hujson
@@ -1,3 +1,8 @@
+// ACL-K05
+//
+// ACL: accept: src=['autogroup:member', 'group:admins', 'kratail2tid@passkey', 'tag:client', 'tag:prod', '100.83.200.69', '100.103.8.15'] dst=['tag:server:22', 'webserver:80', '100.108.74.26:443', 'group:admins:8080', 'kratail2tid@passkey:9000']
+//
+// Expected: Rules on tagged-server, user1
 {
 "test_id": "ACL-K05",
 "timestamp": "2026-03-17T14:30:54Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-M01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-M01.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-M01.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-M01.hujson
index 02e69ca2..dd4202e2 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-M01.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-M01.hujson
@@ -1,3 +1,8 @@
+// ACL-M01
+//
+// ACL: accept: src=['kratail2tid@passkey', 'tag:client', 'group:monitors'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-M01",
 "timestamp": "2026-03-17T14:31:05Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-M02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-M02.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-M02.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-M02.hujson
index 146cc4e1..d68b12c3 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-M02.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-M02.hujson
@@ -1,3 +1,8 @@
+// ACL-M02
+//
+// ACL: accept: src=['100.90.199.68', 'tag:client'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-M02",
 "timestamp": "2026-03-17T14:31:15Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-M03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-M03.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-M03.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-M03.hujson
index ed8ae756..2d6f50ec 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-M03.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-M03.hujson
@@ -1,3 +1,8 @@
+// ACL-M03
+//
+// ACL: accept: src=['webserver', 'tag:client'] dst=['tag:prod:5432']
+//
+// Expected: Rules on tagged-prod
 {
 "test_id": "ACL-M03",
 "timestamp": "2026-03-17T14:31:26Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-M04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-M04.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-M04.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-M04.hujson
index 9de7e33e..4946d0fc 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-M04.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-M04.hujson
@@ -1,3 +1,8 @@
+// ACL-M04
+//
+// ACL: accept: src=['group:admins', 'tag:client'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-M04",
 "timestamp": "2026-03-17T14:31:36Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-M05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-M05.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-M05.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-M05.hujson
index 7edd5f17..50e5c7f6 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-M05.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-M05.hujson
@@ -1,3 +1,8 @@
+// ACL-M05
+//
+// ACL: accept: src=['kratail2tid@passkey', 'group:monitors'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-M05",
 "timestamp": "2026-03-17T14:31:47Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-M06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-M06.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-M06.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-M06.hujson
index 575d223b..faafbfbb 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-M06.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-M06.hujson
@@ -1,3 +1,8 @@
+// ACL-M06
+//
+// ACL: accept: src=['*', 'tag:client'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-M06",
 "timestamp": "2026-03-17T14:31:57Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-M07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-M07.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-M07.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-M07.hujson
index 729f7ee5..cc181df6 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-M07.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-M07.hujson
@@ -1,3 +1,8 @@
+// ACL-M07
+//
+// ACL: accept: src=['autogroup:member', 'tag:client'] dst=['tag:server:22,80,443']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-M07",
 "timestamp": "2026-03-17T14:32:08Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-M08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-M08.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-M08.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-M08.hujson
index 95cc712b..fe83ac4a 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-M08.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-M08.hujson
@@ -1,3 +1,8 @@
+// ACL-M08
+//
+// ACL: accept: src=['autogroup:member', 'tag:client'] dst=['tag:server:80-443']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-M08",
 "timestamp": "2026-03-17T14:32:18Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-M09.json b/hscontrol/policy/v2/testdata/acl_results/ACL-M09.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-M09.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-M09.hujson
index de815a4a..3fb50dbd 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-M09.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-M09.hujson
@@ -1,3 +1,8 @@
+// ACL-M09
+//
+// ACL: accept: src=['tag:client', 'internal'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-M09",
 "timestamp": "2026-03-17T14:32:29Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-M10.json b/hscontrol/policy/v2/testdata/acl_results/ACL-M10.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-M10.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-M10.hujson
index a7ffac09..a71adfe9 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-M10.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-M10.hujson
@@ -1,3 +1,8 @@
+// ACL-M10
+//
+// ACL: accept: src=['100.92.142.61', 'tag:client'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-M10",
 "timestamp": "2026-03-17T14:32:39Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR01.hujson
similarity index 95%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR01.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR01.hujson
index 59901463..921a7a3b 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR01.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR01.hujson
@@ -1,3 +1,10 @@
+// ACL-MR01
+//
+// ACLs:
+// accept: src=['tag:client'] dst=['tag:server:22']
+// accept: src=['tag:client'] dst=['tag:prod:5432']
+//
+// Expected: Rules on tagged-prod, tagged-server
 {
 "test_id": "ACL-MR01",
 "timestamp": "2026-03-17T14:32:50Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR02.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR02.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR02.hujson
index 4b93ef1a..c13adef7 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR02.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR02.hujson
@@ -1,3 +1,10 @@
+// ACL-MR02
+//
+// ACLs:
+// accept: src=['tag:client'] dst=['tag:server:22']
+// accept: src=['tag:client'] dst=['tag:server:80']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-MR02",
 "timestamp": "2026-03-17T14:33:00Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR03.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR03.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR03.hujson
index a020aeb2..ea7b2cd4 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR03.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR03.hujson
@@ -1,3 +1,10 @@
+// ACL-MR03
+//
+// ACLs:
+// accept: src=['tag:client'] dst=['tag:server:22']
+// accept: src=['tag:prod'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-MR03",
 "timestamp": "2026-03-17T14:33:10Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR04.hujson
similarity index 95%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR04.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR04.hujson
index 832e6ba9..17a820dc 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR04.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR04.hujson
@@ -1,3 +1,10 @@
+// ACL-MR04
+//
+// ACLs:
+// accept: src=['group:admins'] dst=['tag:server:22']
+// accept: src=['kratail2tid@passkey'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-MR04",
 "timestamp": "2026-03-17T14:33:21Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR05.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR05.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR05.hujson
index 2cd0ab53..9bf05a07 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR05.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR05.hujson
@@ -1,3 +1,10 @@
+// ACL-MR05
+//
+// ACLs:
+// accept: src=['*'] dst=['group:admins:22']
+// accept: src=['*'] dst=['kratail2tid@passkey:22']
+//
+// Expected: Rules on user1
 {
 "test_id": "ACL-MR05",
 "timestamp": "2026-03-17T14:33:31Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR06.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR06.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR06.hujson
index 121a8a89..394f336d 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR06.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR06.hujson
@@ -1,3 +1,10 @@
+// ACL-MR06
+//
+// ACLs:
+// accept: src=['tag:client'] dst=['autogroup:member:22']
+// accept: src=['tag:client'] dst=['group:admins:22']
+//
+// Expected: Rules on user-kris, user-mon, user1
 {
 "test_id": "ACL-MR06",
 "timestamp": "2026-03-17T14:33:42Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR07.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR07.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR07.hujson
index 4f59d484..c63c8f70 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR07.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR07.hujson
@@ -1,3 +1,10 @@
+// ACL-MR07
+//
+// ACLs:
+// accept: src=['*'] dst=['tag:server:22', 'tag:prod:5432']
+// accept: src=['tag:client'] dst=['tag:server:80', 'tag:router:443']
+//
+// Expected: Rules on subnet-router, tagged-prod, tagged-server
 {
 "test_id": "ACL-MR07",
 "timestamp": "2026-03-17T14:33:52Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR08.hujson
similarity index 95%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR08.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR08.hujson
index 4b875236..41dd9cb1 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR08.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR08.hujson
@@ -1,3 +1,11 @@
+// ACL-MR08
+//
+// ACLs:
+// accept: src=['tag:client'] dst=['tag:server:22']
+// accept: src=['tag:prod'] dst=['tag:server:80']
+// accept: src=['tag:router'] dst=['tag:server:443']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-MR08",
 "timestamp": "2026-03-17T14:34:03Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR09.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR09.hujson
similarity index 95%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR09.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR09.hujson
index bf1590a4..5dfce887 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR09.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR09.hujson
@@ -1,3 +1,11 @@
+// ACL-MR09
+//
+// ACLs:
+// accept: src=['autogroup:member'] dst=['tag:server:22']
+// accept: src=['group:admins'] dst=['tag:server:22']
+// accept: src=['kratail2tid@passkey'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-MR09",
 "timestamp": "2026-03-17T14:34:13Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR10.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR10.hujson
similarity index 95%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR10.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR10.hujson
index fe014369..86a8d541 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR10.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR10.hujson
@@ -1,3 +1,11 @@
+// ACL-MR10
+//
+// ACLs:
+// accept: src=['tag:client'] dst=['tag:server:22']
+// accept: src=['tag:client'] dst=['tag:prod:22']
+// accept: src=['tag:client'] dst=['tag:router:22']
+//
+// Expected: Rules on subnet-router, tagged-prod, tagged-server
 {
 "test_id": "ACL-MR10",
 "timestamp": "2026-03-17T14:34:23Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR11.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR11.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR11.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR11.hujson
index 48f02f02..78e2db71 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR11.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR11.hujson
@@ -1,3 +1,10 @@
+// ACL-MR11
+//
+// ACLs:
+// accept: src=['autogroup:member'] dst=['autogroup:member:22']
+// accept: src=['group:admins'] dst=['group:admins:22']
+//
+// Expected: Rules on user-kris, user-mon, user1
 {
 "test_id": "ACL-MR11",
 "timestamp": "2026-03-17T14:34:34Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR12.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR12.hujson
similarity index 95%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR12.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR12.hujson
index 83a362ba..087ed2fb 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR12.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR12.hujson
@@ -1,3 +1,10 @@
+// ACL-MR12
+//
+// ACLs:
+// accept: src=['kratail2tid@passkey'] dst=['kratail2tid@passkey:22']
+// accept: src=['group:admins'] dst=['kratail2tid@passkey:80']
+//
+// Expected: Rules on user1
 {
 "test_id": "ACL-MR12",
 "timestamp": "2026-03-17T14:34:44Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR13.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR13.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR13.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR13.hujson
index 01d9e394..c451b79f 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR13.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR13.hujson
@@ -1,3 +1,10 @@
+// ACL-MR13
+//
+// ACLs:
+// accept: src=['autogroup:tagged'] dst=['autogroup:tagged:22']
+// accept: src=['tag:client', 'tag:prod'] dst=['autogroup:tagged:80']
+//
+// Expected: Rules on exit-node, subnet-router, tagged-client, tagged-prod, tagged-server
 {
 "test_id": "ACL-MR13",
 "timestamp": "2026-03-17T14:34:55Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR14.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR14.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR14.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR14.hujson
index b39c5dc0..a7db2b99 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR14.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR14.hujson
@@ -1,3 +1,10 @@
+// ACL-MR14
+//
+// ACLs:
+// accept: src=['autogroup:member', 'autogroup:tagged'] dst=['autogroup:member:22', 'autogroup:tagged:80']
+// accept: src=['*'] dst=['*:443']
+//
+// Expected: Rules on 8 of 8 nodes
 {
 "test_id": "ACL-MR14",
 "timestamp": "2026-03-17T14:35:05Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR15.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR15.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR15.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR15.hujson
index 77de1a33..7dac19ef 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR15.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR15.hujson
@@ -1,3 +1,10 @@
+// ACL-MR15
+//
+// ACLs:
+// accept: src=['*'] dst=['*:*']
+// accept: src=['tag:client'] dst=['tag:server:22']
+//
+// Expected: Rules on 8 of 8 nodes
 {
 "test_id": "ACL-MR15",
 "timestamp": "2026-03-17T14:35:16Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR16.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR16.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR16.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR16.hujson
index 972f27e4..b06bb22a 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR16.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR16.hujson
@@ -1,3 +1,11 @@
+// ACL-MR16
+//
+// ACLs:
+// accept: src=['*'] dst=['tag:server:22']
+// accept: src=['*'] dst=['tag:prod:5432']
+// accept: src=['*'] dst=['*:80']
+//
+// Expected: Rules on 8 of 8 nodes
 {
 "test_id": "ACL-MR16",
 "timestamp": "2026-03-17T14:35:26Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR17.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR17.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR17.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR17.hujson
index e852c8ee..d9d3c042 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR17.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR17.hujson
@@ -1,3 +1,10 @@
+// ACL-MR17
+//
+// ACLs:
+// accept: src=['tag:client'] dst=['*:*']
+// accept: src=['tag:client'] dst=['tag:server:22']
+//
+// Expected: Rules on 8 of 8 nodes
 {
 "test_id": "ACL-MR17",
 "timestamp": "2026-03-17T14:35:37Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR18.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR18.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR18.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR18.hujson
index 64ca6f2c..c854621a 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR18.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR18.hujson
@@ -1,3 +1,10 @@
+// ACL-MR18
+//
+// ACLs:
+// accept: src=['*'] dst=['tag:server:22', 'tag:prod:5432', 'tag:client:80']
+// accept: src=['tag:client'] dst=['tag:server:80', '*:443']
+//
+// Expected: Rules on 8 of 8 nodes
 {
 "test_id": "ACL-MR18",
 "timestamp": "2026-03-17T14:35:47Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR19.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR19.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR19.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR19.hujson
index 3f58da83..de536dda 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR19.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR19.hujson
@@ -1,3 +1,10 @@
+// ACL-MR19
+//
+// ACLs:
+// accept: src=['autogroup:tagged'] dst=['*:*']
+// accept: src=['autogroup:member'] dst=['*:*']
+//
+// Expected: Rules on 8 of 8 nodes
 {
 "test_id": "ACL-MR19",
 "timestamp": "2026-03-17T14:35:58Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR20.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR20.hujson
similarity index 94%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR20.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR20.hujson
index 47e195f7..db9069b7 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR20.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR20.hujson
@@ -1,3 +1,10 @@
+// ACL-MR20
+//
+// ACLs:
+// accept: src=['autogroup:member', 'group:admins', 'kratail2tid@passkey'] dst=['tag:server:22']
+// accept: src=['tag:server', 'webserver', '100.108.74.26'] dst=['group:admins:80']
+//
+// Expected: Rules on tagged-server, user1
 {
 "test_id": "ACL-MR20",
 "timestamp": "2026-03-17T14:36:08Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR21.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR21.hujson
similarity index 94%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR21.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR21.hujson
index c4688962..6fba8ee1 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR21.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR21.hujson
@@ -1,3 +1,12 @@
+// ACL-MR21
+//
+// ACLs:
+// accept: src=['autogroup:member'] dst=['tag:server:22']
+// accept: src=['autogroup:member'] dst=['tag:prod:5432']
+// accept: src=['autogroup:member'] dst=['tag:client:80']
+// accept: src=['autogroup:member'] dst=['webserver:443']
+//
+// Expected: Rules on tagged-client, tagged-prod, tagged-server
 {
 "test_id": "ACL-MR21",
 "timestamp": "2026-03-17T14:36:18Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR22.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR22.hujson
similarity index 95%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR22.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR22.hujson
index 04db0fde..970ffb7e 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR22.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR22.hujson
@@ -1,3 +1,12 @@
+// ACL-MR22
+//
+// ACLs:
+// accept: src=['tag:client'] dst=['tag:server:22']
+// accept: src=['tag:client'] dst=['tag:prod:22']
+// accept: src=['tag:client'] dst=['tag:router:22']
+// ... (5 rules total)
+//
+// Expected: Rules on subnet-router, tagged-prod, tagged-server
 {
 "test_id": "ACL-MR22",
 "timestamp": "2026-03-17T14:36:29Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MR23.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MR23.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-MR23.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-MR23.hujson
index 9081e618..8d2ad968 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-MR23.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MR23.hujson
@@ -1,3 +1,12 @@
+// ACL-MR23
+//
+// ACLs:
+// accept: src=['tag:server'] dst=['tag:server:22']
+// accept: src=['tag:client'] dst=['tag:client:22']
+// accept: src=['tag:prod'] dst=['tag:prod:22']
+// ... (6 rules total)
+//
+// Expected: Rules on 8 of 8 nodes
 {
 "test_id": "ACL-MR23",
 "timestamp": "2026-03-17T14:36:39Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MU01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MU01.hujson
similarity index 95%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-MU01.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-MU01.hujson
index 10c204cd..83b0b554 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-MU01.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MU01.hujson
@@ -1,3 +1,10 @@
+// ACL-MU01
+//
+// ACLs:
+// accept: src=['kratail2tid@passkey'] dst=['tag:server:22']
+// accept: src=['kristoffer@dalby.cc'] dst=['tag:server:80']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-MU01",
 "timestamp": "2026-03-17T14:36:50Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MU02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MU02.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-MU02.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-MU02.hujson
index 731a5d58..e835b02b 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-MU02.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MU02.hujson
@@ -1,3 +1,8 @@
+// ACL-MU02
+//
+// ACL: accept: src=['group:developers'] dst=['autogroup:self:*']
+//
+// Expected: Rules on user-kris, user1
 {
 "test_id": "ACL-MU02",
 "timestamp": "2026-03-17T14:37:00Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MU03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MU03.hujson
similarity index 95%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-MU03.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-MU03.hujson
index 4bc0ac5d..c449727e 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-MU03.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MU03.hujson
@@ -1,3 +1,10 @@
+// ACL-MU03
+//
+// ACLs:
+// accept: src=['group:developers'] dst=['tag:server:22']
+// accept: src=['group:monitors'] dst=['tag:prod:5432']
+//
+// Expected: Rules on tagged-prod, tagged-server
 {
 "test_id": "ACL-MU03",
 "timestamp": "2026-03-17T14:37:11Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MU04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MU04.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-MU04.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-MU04.hujson
index cfac0a9e..d211db52 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-MU04.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MU04.hujson
@@ -1,3 +1,10 @@
+// ACL-MU04
+//
+// ACLs:
+// accept: src=['autogroup:member'] dst=['autogroup:self:*']
+// accept: src=['autogroup:member'] dst=['autogroup:member:22']
+//
+// Expected: Rules on user-kris, user-mon, user1
 {
 "test_id": "ACL-MU04",
 "timestamp": "2026-03-17T14:37:21Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MU05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MU05.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-MU05.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-MU05.hujson
index cec835b5..70633962 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-MU05.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MU05.hujson
@@ -1,3 +1,8 @@
+// ACL-MU05
+//
+// ACL: accept: src=['*'] dst=['kratail2tid@passkey:22']
+//
+// Expected: Rules on user1
 {
 "test_id": "ACL-MU05",
 "timestamp": "2026-03-17T14:37:32Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MU06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MU06.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-MU06.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-MU06.hujson
index 537366ec..9c958a0e 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-MU06.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MU06.hujson
@@ -1,3 +1,8 @@
+// ACL-MU06
+//
+// ACL: accept: src=['*'] dst=['kristoffer@dalby.cc:*']
+//
+// Expected: Rules on user-kris
 {
 "test_id": "ACL-MU06",
 "timestamp": "2026-03-17T14:37:42Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MU07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MU07.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-MU07.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-MU07.hujson
index 278d2b07..6648757e 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-MU07.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MU07.hujson
@@ -1,3 +1,8 @@
+// ACL-MU07
+//
+// ACL: accept: src=['kratail2tid@passkey', 'kristoffer@dalby.cc', 'monitorpasskeykradalby@passkey'] dst=['*:*']
+//
+// Expected: Rules on 8 of 8 nodes
 {
 "test_id": "ACL-MU07",
 "timestamp": "2026-03-17T14:37:53Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-MU08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-MU08.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-MU08.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-MU08.hujson
index 2da2cc7b..cd1e69a6 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-MU08.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-MU08.hujson
@@ -1,3 +1,8 @@
+// ACL-MU08
+//
+// ACL: accept: src=['*'] dst=['kratail2tid@passkey:22', 'kristoffer@dalby.cc:22', 'monitorpasskeykradalby@passkey:22']
+//
+// Expected: Rules on user-kris, user-mon, user1
 {
 "test_id": "ACL-MU08",
 "timestamp": "2026-03-17T14:38:03Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-O01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-O01.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-O01.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-O01.hujson
index 55eb57d8..bf58f067 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-O01.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-O01.hujson
@@ -1,3 +1,8 @@
+// ACL-O01
+//
+// ACL: accept: src=['tag:client', 'tag:prod'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-O01",
 "timestamp": "2026-03-17T14:38:13Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-O02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-O02.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-O02.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-O02.hujson
index 2603e5cf..bdfd6950 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-O02.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-O02.hujson
@@ -1,3 +1,8 @@
+// ACL-O02
+//
+// ACL: accept: src=['tag:prod', 'tag:client'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-O02",
 "timestamp": "2026-03-17T14:38:24Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-O03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-O03.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-O03.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-O03.hujson
index df39290a..02eea762 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-O03.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-O03.hujson
@@ -1,3 +1,8 @@
+// ACL-O03
+//
+// ACL: accept: src=['tag:client'] dst=['tag:server:22', 'tag:prod:5432']
+//
+// Expected: Rules on tagged-prod, tagged-server
 {
 "test_id": "ACL-O03",
 "timestamp": "2026-03-17T14:38:34Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-O04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-O04.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-O04.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-O04.hujson
index 98f6e880..5900ad35 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-O04.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-O04.hujson
@@ -1,3 +1,8 @@
+// ACL-O04
+//
+// ACL: accept: src=['tag:client'] dst=['tag:prod:5432', 'tag:server:22']
+//
+// Expected: Rules on tagged-prod, tagged-server
 {
 "test_id": "ACL-O04",
 "timestamp": "2026-03-17T14:38:45Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-P01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-P01.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-P01.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-P01.hujson
index 33eee487..a9ce56c7 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-P01.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-P01.hujson
@@ -1,3 +1,8 @@
+// ACL-P01
+//
+// ACL: accept: src=['*'] dst=['tag:server:*']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-P01",
 "timestamp": "2026-03-17T14:38:55Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-P02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-P02.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-P02.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-P02.hujson
index ec4fd311..d17d3bf0 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-P02.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-P02.hujson
@@ -1,3 +1,8 @@
+// ACL-P02
+//
+// ACL: accept: src=['*'] dst=['tag:server:80-443']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-P02",
 "timestamp": "2026-03-17T14:39:06Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-P03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-P03.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-P03.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-P03.hujson
index cb4ae118..cfdc96d1 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-P03.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-P03.hujson
@@ -1,3 +1,8 @@
+// ACL-P03
+//
+// ACL: accept: src=['*'] dst=['tag:server:22,80,443']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-P03",
 "timestamp": "2026-03-17T14:39:16Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-P04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-P04.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-P04.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-P04.hujson
index 8cdf8b34..357df7b2 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-P04.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-P04.hujson
@@ -1,3 +1,8 @@
+// ACL-P04
+//
+// ACL: accept: src=['*'] dst=['tag:server:22'] proto=tcp
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-P04",
 "timestamp": "2026-03-17T14:39:27Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-P05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-P05.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-P05.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-P05.hujson
index 482e780d..59649776 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-P05.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-P05.hujson
@@ -1,3 +1,8 @@
+// ACL-P05
+//
+// ACL: accept: src=['*'] dst=['tag:server:53'] proto=udp
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-P05",
 "timestamp": "2026-03-17T14:39:37Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-P06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-P06.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-P06.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-P06.hujson
index 18612fb3..8cf5aacd 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-P06.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-P06.hujson
@@ -1,3 +1,8 @@
+// ACL-P06
+//
+// ACL: accept: src=['*'] dst=['tag:server:*'] proto=1
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-P06",
 "timestamp": "2026-03-17T14:39:48Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-PF01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-PF01.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-PF01.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-PF01.hujson
index 08756bf2..58616778 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-PF01.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-PF01.hujson
@@ -1,3 +1,8 @@
+// ACL-PF01
+//
+// ACL: accept: src=['tag:client'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-PF01",
 "timestamp": "2026-03-17T14:39:58Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-PF02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-PF02.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-PF02.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-PF02.hujson
index 322dfad6..8a927696 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-PF02.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-PF02.hujson
@@ -1,3 +1,8 @@
+// ACL-PF02
+//
+// ACL: accept: src=['tag:client'] dst=['tag:server:80-443']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-PF02",
 "timestamp": "2026-03-17T14:40:09Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-PF03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-PF03.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-PF03.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-PF03.hujson
index 7eac6b80..72ec55ad 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-PF03.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-PF03.hujson
@@ -1,3 +1,8 @@
+// ACL-PF03
+//
+// ACL: accept: src=['tag:client'] dst=['tag:server:22,80,443']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-PF03",
 "timestamp": "2026-03-17T14:40:19Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-PF04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-PF04.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-PF04.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-PF04.hujson
index 3d439dbd..66b9f041 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-PF04.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-PF04.hujson
@@ -1,3 +1,8 @@
+// ACL-PF04
+//
+// ACL: accept: src=['tag:client'] dst=['tag:server:*']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-PF04",
 "timestamp": "2026-03-17T14:40:29Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-PF05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-PF05.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-PF05.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-PF05.hujson
index 9e328901..bd5961b1 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-PF05.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-PF05.hujson
@@ -1,3 +1,8 @@
+// ACL-PF05
+//
+// ACL: accept: src=['tag:client'] dst=['tag:server:1-65535']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-PF05",
 "timestamp": "2026-03-17T14:40:40Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-R01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-R01.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-R01.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-R01.hujson
index 20619f80..670b9549 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-R01.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-R01.hujson
@@ -1,3 +1,10 @@
+// ACL-R01
+//
+// ACLs:
+// accept: src=['tag:client'] dst=['tag:server:22']
+// accept: src=['tag:prod'] dst=['tag:server:80']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-R01",
 "timestamp": "2026-03-17T14:40:50Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-R02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-R02.hujson
similarity index 95%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-R02.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-R02.hujson
index f5e1adc7..b9d3c0e1 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-R02.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-R02.hujson
@@ -1,3 +1,10 @@
+// ACL-R02
+//
+// ACLs:
+// accept: src=['tag:client'] dst=['tag:server:22']
+// accept: src=['tag:client'] dst=['tag:prod:5432']
+//
+// Expected: Rules on tagged-prod, tagged-server
 {
 "test_id": "ACL-R02",
 "timestamp": "2026-03-17T14:41:01Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-R03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-R03.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-R03.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-R03.hujson
index a78bef8c..f9fd8832 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-R03.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-R03.hujson
@@ -1,3 +1,10 @@
+// ACL-R03
+//
+// ACLs:
+// accept: src=['tag:client'] dst=['tag:server:22']
+// accept: src=['tag:client'] dst=['tag:server:80']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-R03",
 "timestamp": "2026-03-17T14:41:11Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-R04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-R04.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-R04.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-R04.hujson
index c8c822e6..38e0f9ed 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-R04.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-R04.hujson
@@ -1,3 +1,10 @@
+// ACL-R04
+//
+// ACLs:
+// accept: src=['tag:client'] dst=['tag:server:22']
+// accept: src=['group:admins'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-R04",
 "timestamp": "2026-03-17T14:41:22Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-R05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-R05.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-R05.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-R05.hujson
index 8d56abbb..4979bb9a 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-R05.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-R05.hujson
@@ -1,3 +1,10 @@
+// ACL-R05
+//
+// ACLs:
+// accept: src=['*'] dst=['*:*']
+// accept: src=['tag:client'] dst=['tag:server:22']
+//
+// Expected: Rules on 8 of 8 nodes
 {
 "test_id": "ACL-R05",
 "timestamp": "2026-03-17T14:41:32Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-R06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-R06.hujson
similarity index 95%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-R06.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-R06.hujson
index 4ca1a774..6167e55f 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-R06.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-R06.hujson
@@ -1,3 +1,11 @@
+// ACL-R06
+//
+// ACLs:
+// accept: src=['tag:client'] dst=['tag:server:22']
+// accept: src=['tag:prod'] dst=['tag:server:80']
+// accept: src=['group:admins'] dst=['tag:server:443']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-R06",
 "timestamp": "2026-03-17T14:41:43Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-R07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-R07.hujson
similarity index 95%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-R07.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-R07.hujson
index 03aaae95..c89bc7c3 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-R07.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-R07.hujson
@@ -1,3 +1,11 @@
+// ACL-R07
+//
+// ACLs:
+// accept: src=['tag:client'] dst=['tag:server:22']
+// accept: src=['autogroup:member'] dst=['tag:prod:5432']
+// accept: src=['*'] dst=['autogroup:self:*']
+//
+// Expected: Rules on tagged-prod, tagged-server, user-kris, user-mon, user1
 {
 "test_id": "ACL-R07",
 "timestamp": "2026-03-17T14:41:53Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-R08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-R08.hujson
similarity index 95%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-R08.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-R08.hujson
index dcdfb2aa..58a50912 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-R08.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-R08.hujson
@@ -1,3 +1,11 @@
+// ACL-R08
+//
+// ACLs:
+// accept: src=['tag:client'] dst=['tag:server:22']
+// accept: src=['tag:server'] dst=['tag:prod:5432']
+// accept: src=['tag:prod'] dst=['tag:client:80']
+//
+// Expected: Rules on tagged-client, tagged-prod, tagged-server
 {
 "test_id": "ACL-R08",
 "timestamp": "2026-03-17T14:42:04Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-R09.json b/hscontrol/policy/v2/testdata/acl_results/ACL-R09.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-R09.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-R09.hujson
index ebdaaa45..f0616523 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-R09.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-R09.hujson
@@ -1,3 +1,10 @@
+// ACL-R09
+//
+// ACLs:
+// accept: src=['autogroup:member'] dst=['autogroup:self:*']
+// accept: src=['autogroup:member'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server, user-kris, user-mon, user1
 {
 "test_id": "ACL-R09",
 "timestamp": "2026-03-17T14:42:14Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-R10.json b/hscontrol/policy/v2/testdata/acl_results/ACL-R10.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-R10.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-R10.hujson
index d1d309ee..30523edc 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-R10.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-R10.hujson
@@ -1,3 +1,10 @@
+// ACL-R10
+//
+// ACLs:
+// accept: src=['*'] dst=['autogroup:self:*']
+// accept: src=['*'] dst=['autogroup:tagged:*']
+//
+// Expected: Rules on 8 of 8 nodes
 {
 "test_id": "ACL-R10",
 "timestamp": "2026-03-17T14:42:25Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-RS01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-RS01.hujson
similarity index 95%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-RS01.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-RS01.hujson
index 2d65dfd6..67b8aae9 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-RS01.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-RS01.hujson
@@ -1,3 +1,8 @@
+// ACL-RS01
+//
+// ACL: accept: src=['autogroup:member', 'group:admins', 'group:developers', 'kratail2tid@passkey', '100.90.199.68'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-RS01",
 "timestamp": "2026-03-17T14:42:35Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-RS02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-RS02.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-RS02.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-RS02.hujson
index f30290fd..03e6906d 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-RS02.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-RS02.hujson
@@ -1,3 +1,8 @@
+// ACL-RS02
+//
+// ACL: accept: src=['tag:server', 'webserver', '100.108.74.26'] dst=['tag:client:22']
+//
+// Expected: Rules on tagged-client
 {
 "test_id": "ACL-RS02",
 "timestamp": "2026-03-17T14:42:45Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-RS03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-RS03.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-RS03.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-RS03.hujson
index cb66384a..0b919ee8 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-RS03.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-RS03.hujson
@@ -1,3 +1,8 @@
+// ACL-RS03
+//
+// ACL: accept: src=['tag:prod', 'prodbox', '100.103.8.15'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-RS03",
 "timestamp": "2026-03-17T14:42:56Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-RS04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-RS04.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-RS04.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-RS04.hujson
index 8508e476..4d226e8b 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-RS04.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-RS04.hujson
@@ -1,3 +1,8 @@
+// ACL-RS04
+//
+// ACL: accept: src=['autogroup:tagged', 'tag:server', 'tag:client', 'tag:prod', 'tag:router', 'tag:exit'] dst=['autogroup:member:22']
+//
+// Expected: Rules on user-kris, user-mon, user1
 {
 "test_id": "ACL-RS04",
 "timestamp": "2026-03-17T14:43:06Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-RS05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-RS05.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-RS05.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-RS05.hujson
index 07d4a5cd..e00e0de2 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-RS05.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-RS05.hujson
@@ -1,3 +1,8 @@
+// ACL-RS05
+//
+// ACL: accept: src=['tag:client'] dst=['tag:server:22', 'webserver:22', '100.108.74.26:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-RS05",
 "timestamp": "2026-03-17T14:43:17Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-RS06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-RS06.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-RS06.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-RS06.hujson
index e68f5dda..588d0aba 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-RS06.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-RS06.hujson
@@ -1,3 +1,8 @@
+// ACL-RS06
+//
+// ACL: accept: src=['tag:client'] dst=['group:admins:22', 'group:developers:22', 'kratail2tid@passkey:22', '100.90.199.68:22']
+//
+// Expected: Rules on user-kris, user1
 {
 "test_id": "ACL-RS06",
 "timestamp": "2026-03-17T14:43:27Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-RS07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-RS07.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-RS07.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-RS07.hujson
index 8d1ecdbe..d092dece 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-RS07.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-RS07.hujson
@@ -1,3 +1,8 @@
+// ACL-RS07
+//
+// ACL: accept: src=['tag:client'] dst=['tag:server:22', 'tag:server:80', 'tag:server:443', 'webserver:8080', '100.108.74.26:9000']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-RS07",
 "timestamp": "2026-03-17T14:43:38Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-S01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-S01.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-S01.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-S01.hujson
index 4692b91e..962b9bf4 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-S01.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-S01.hujson
@@ -1,3 +1,8 @@
+// ACL-S01
+//
+// ACL: accept: src=['autogroup:member'] dst=['autogroup:self:22']
+//
+// Expected: Rules on user-kris, user-mon, user1
 {
 "test_id": "ACL-S01",
 "timestamp": "2026-03-17T14:43:48Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-S02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-S02.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-S02.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-S02.hujson
index ea03aecb..b9d0edfb 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-S02.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-S02.hujson
@@ -1,3 +1,8 @@
+// ACL-S02
+//
+// ACL: accept: src=['group:admins'] dst=['autogroup:self:*']
+//
+// Expected: Rules on user1
 {
 "test_id": "ACL-S02",
 "timestamp": "2026-03-17T14:43:59Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-S03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-S03.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-S03.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-S03.hujson
index 63cb0c0c..4932dac4 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-S03.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-S03.hujson
@@ -1,3 +1,8 @@
+// ACL-S03
+//
+// ACL: accept: src=['group:developers'] dst=['autogroup:self:22']
+//
+// Expected: Rules on user-kris, user1
 {
 "test_id": "ACL-S03",
 "timestamp": "2026-03-17T14:44:09Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-S04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-S04.hujson
similarity index 88%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-S04.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-S04.hujson
index 7e6119a2..16413db9 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-S04.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-S04.hujson
@@ -1,3 +1,8 @@
+// ACL-S04
+//
+// ACL: accept: src=['autogroup:tagged'] dst=['autogroup:self:*']
+//
+// Expected: Error — autogroup:self can only be used with users, groups, or supported autogroups
 {
 "test_id": "ACL-S04",
 "timestamp": "2026-03-17T14:44:20Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-S05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-S05.hujson
similarity index 88%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-S05.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-S05.hujson
index 45daa0a7..a60a6df9 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-S05.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-S05.hujson
@@ -1,3 +1,8 @@
+// ACL-S05
+//
+// ACL: accept: src=['100.90.199.68'] dst=['autogroup:self:*']
+//
+// Expected: Error — autogroup:self can only be used with users, groups, or supported autogroups
 {
 "test_id": "ACL-S05",
 "timestamp": "2026-03-17T14:44:20Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-S06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-S06.hujson
similarity index 88%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-S06.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-S06.hujson
index a5508ed5..2d932d59 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-S06.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-S06.hujson
@@ -1,3 +1,8 @@
+// ACL-S06
+//
+// ACL: accept: src=['webserver'] dst=['autogroup:self:*']
+//
+// Expected: Error — autogroup:self can only be used with users, groups, or supported autogroups
 {
 "test_id": "ACL-S06",
 "timestamp": "2026-03-17T14:44:20Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-S07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-S07.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-S07.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-S07.hujson
index c3141b7e..6d8fab13 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-S07.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-S07.hujson
@@ -1,3 +1,10 @@
+// ACL-S07
+//
+// ACLs:
+// accept: src=['*'] dst=['autogroup:self:*']
+// accept: src=['*'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server, user-kris, user-mon, user1
 {
 "test_id": "ACL-S07",
 "timestamp": "2026-03-17T14:44:20Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-S08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-S08.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-S08.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-S08.hujson
index 886cd493..91ebfcb3 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-S08.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-S08.hujson
@@ -1,3 +1,8 @@
+// ACL-S08
+//
+// ACL: accept: src=['*'] dst=['autogroup:self:*', 'autogroup:member:22']
+//
+// Expected: Rules on user-kris, user-mon, user1
 {
 "test_id": "ACL-S08",
 "timestamp": "2026-03-17T14:44:31Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-S09.json b/hscontrol/policy/v2/testdata/acl_results/ACL-S09.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-S09.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-S09.hujson
index e35526bd..6e30fcc3 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-S09.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-S09.hujson
@@ -1,3 +1,8 @@
+// ACL-S09
+//
+// ACL: accept: src=['*'] dst=['autogroup:self:22', 'autogroup:self:80']
+//
+// Expected: Rules on user-kris, user-mon, user1
 {
 "test_id": "ACL-S09",
 "timestamp": "2026-03-17T14:44:41Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-S10.json b/hscontrol/policy/v2/testdata/acl_results/ACL-S10.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-S10.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-S10.hujson
index a85bede3..b3f66472 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-S10.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-S10.hujson
@@ -1,3 +1,10 @@
+// ACL-S10
+//
+// ACLs:
+// accept: src=['*'] dst=['autogroup:self:22']
+// accept: src=['*'] dst=['autogroup:self:80']
+//
+// Expected: Rules on user-kris, user-mon, user1
 {
 "test_id": "ACL-S10",
 "timestamp": "2026-03-17T14:44:52Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF01.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-SF01.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-SF01.hujson
index 7d1e770d..d9165c23 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-SF01.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF01.hujson
@@ -1,3 +1,8 @@
+// ACL-SF01
+//
+// ACL: accept: src=['autogroup:member'] dst=['autogroup:self:22']
+//
+// Expected: Rules on user-kris, user-mon, user1
 {
 "test_id": "ACL-SF01",
 "timestamp": "2026-03-17T14:45:02Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF02.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-SF02.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-SF02.hujson
index 035a20db..65ac9574 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-SF02.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF02.hujson
@@ -1,3 +1,8 @@
+// ACL-SF02
+//
+// ACL: accept: src=['group:developers'] dst=['autogroup:self:*']
+//
+// Expected: Rules on user-kris, user1
 {
 "test_id": "ACL-SF02",
 "timestamp": "2026-03-17T14:45:13Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF03.hujson
similarity index 88%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-SF03.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-SF03.hujson
index 91a41445..7b0cbe91 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-SF03.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF03.hujson
@@ -1,3 +1,8 @@
+// ACL-SF03
+//
+// ACL: accept: src=['tag:client'] dst=['autogroup:self:*']
+//
+// Expected: Error — autogroup:self can only be used with users, groups, or supported autogroups
 {
 "test_id": "ACL-SF03",
 "timestamp": "2026-03-17T14:45:23Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF04.hujson
similarity index 88%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-SF04.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-SF04.hujson
index 75219abd..6fad9191 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-SF04.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF04.hujson
@@ -1,3 +1,8 @@
+// ACL-SF04
+//
+// ACL: accept: src=['webserver'] dst=['autogroup:self:*']
+//
+// Expected: Error — autogroup:self can only be used with users, groups, or supported autogroups
 {
 "test_id": "ACL-SF04",
 "timestamp": "2026-03-17T14:45:23Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF05.hujson
similarity index 88%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-SF05.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-SF05.hujson
index 07e9da1b..a12e8227 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-SF05.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF05.hujson
@@ -1,3 +1,8 @@
+// ACL-SF05
+//
+// ACL: accept: src=['100.90.199.68'] dst=['autogroup:self:*']
+//
+// Expected: Error — autogroup:self can only be used with users, groups, or supported autogroups
 {
 "test_id": "ACL-SF05",
 "timestamp": "2026-03-17T14:45:24Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF06.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-SF06.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-SF06.hujson
index 6a804012..84be509a 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-SF06.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF06.hujson
@@ -1,3 +1,8 @@
+// ACL-SF06
+//
+// ACL: accept: src=['*'] dst=['autogroup:self:*', 'tag:server:22']
+//
+// Expected: Rules on tagged-server, user-kris, user-mon, user1
 {
 "test_id": "ACL-SF06",
 "timestamp": "2026-03-17T14:45:24Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF07.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-SF07.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-SF07.hujson
index d6808433..286a300e 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-SF07.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF07.hujson
@@ -1,3 +1,8 @@
+// ACL-SF07
+//
+// ACL: accept: src=['*'] dst=['autogroup:self:*', 'group:admins:22']
+//
+// Expected: Rules on user-kris, user-mon, user1
 {
 "test_id": "ACL-SF07",
 "timestamp": "2026-03-17T14:45:34Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF08.hujson
similarity index 87%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-SF08.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-SF08.hujson
index 65c76d48..52775691 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-SF08.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF08.hujson
@@ -1,3 +1,8 @@
+// ACL-SF08
+//
+// ACL: accept: src=['autogroup:member', 'tag:client'] dst=['autogroup:self:*']
+//
+// Expected: Error — autogroup:self can only be used with users, groups, or supported autogroups
 {
 "test_id": "ACL-SF08",
 "timestamp": "2026-03-17T14:45:45Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF09.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF09.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-SF09.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-SF09.hujson
index f794e3ce..7b3d9efa 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-SF09.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF09.hujson
@@ -1,3 +1,10 @@
+// ACL-SF09
+//
+// ACLs:
+// accept: src=['*'] dst=['autogroup:self:22']
+// accept: src=['*'] dst=['autogroup:self:80']
+//
+// Expected: Rules on user-kris, user-mon, user1
 {
 "test_id": "ACL-SF09",
 "timestamp": "2026-03-17T14:45:45Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF10.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF10.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-SF10.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-SF10.hujson
index 77833398..fb182f01 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-SF10.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF10.hujson
@@ -1,3 +1,8 @@
+// ACL-SF10
+//
+// ACL: accept: src=['*'] dst=['autogroup:self:22', 'autogroup:self:80']
+//
+// Expected: Rules on user-kris, user-mon, user1
 {
 "test_id": "ACL-SF10",
 "timestamp": "2026-03-17T14:45:55Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF11.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF11.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-SF11.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-SF11.hujson
index cc974ad2..1efe4e60 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-SF11.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF11.hujson
@@ -1,3 +1,8 @@
+// ACL-SF11
+//
+// ACL: accept: src=['*'] dst=['autogroup:self:22', 'kratail2tid@passkey:22']
+//
+// Expected: Rules on user-kris, user-mon, user1
 {
 "test_id": "ACL-SF11",
 "timestamp": "2026-03-17T14:46:06Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF12.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF12.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-SF12.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-SF12.hujson
index f8af20fd..0841551f 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-SF12.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF12.hujson
@@ -1,3 +1,8 @@
+// ACL-SF12
+//
+// ACL: accept: src=['kristoffer@dalby.cc'] dst=['autogroup:self:*']
+//
+// Expected: Rules on user-kris
 {
 "test_id": "ACL-SF12",
 "timestamp": "2026-03-17T14:46:16Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-SF13.json b/hscontrol/policy/v2/testdata/acl_results/ACL-SF13.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-SF13.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-SF13.hujson
index 79c1c8b0..b9e60aca 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-SF13.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-SF13.hujson
@@ -1,3 +1,8 @@
+// ACL-SF13
+//
+// ACL: accept: src=['group:monitors'] dst=['autogroup:self:22']
+//
+// Expected: Rules on user-mon
 {
 "test_id": "ACL-SF13",
 "timestamp": "2026-03-17T14:46:27Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-T01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-T01.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-T01.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-T01.hujson
index 149a9198..c8722a6f 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-T01.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-T01.hujson
@@ -1,3 +1,8 @@
+// ACL-T01
+//
+// ACL: accept: src=['tag:client'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-T01",
 "timestamp": "2026-03-17T14:46:37Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-T02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-T02.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-T02.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-T02.hujson
index 9c5e196b..ca7e3fc9 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-T02.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-T02.hujson
@@ -1,3 +1,8 @@
+// ACL-T02
+//
+// ACL: accept: src=['tag:client'] dst=['*:*']
+//
+// Expected: Rules on 8 of 8 nodes
 {
 "test_id": "ACL-T02",
 "timestamp": "2026-03-17T14:46:48Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-T03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-T03.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-T03.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-T03.hujson
index 4dc6b1f8..01e8598b 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-T03.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-T03.hujson
@@ -1,3 +1,8 @@
+// ACL-T03
+//
+// ACL: accept: src=['tag:client', 'tag:prod'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-T03",
 "timestamp": "2026-03-17T14:46:58Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-T04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-T04.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-T04.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-T04.hujson
index 93b3cc1d..7dfb0040 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-T04.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-T04.hujson
@@ -1,3 +1,8 @@
+// ACL-T04
+//
+// ACL: accept: src=['*'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-T04",
 "timestamp": "2026-03-17T14:47:09Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-T05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-T05.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-T05.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-T05.hujson
index 703a34db..bc8f3591 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-T05.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-T05.hujson
@@ -1,3 +1,8 @@
+// ACL-T05
+//
+// ACL: accept: src=['tag:client'] dst=['tag:server:22', 'tag:prod:5432', 'tag:router:80']
+//
+// Expected: Rules on subnet-router, tagged-prod, tagged-server
 {
 "test_id": "ACL-T05",
 "timestamp": "2026-03-17T14:47:19Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-T06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-T06.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-T06.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-T06.hujson
index 42c17aa5..479a4380 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-T06.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-T06.hujson
@@ -1,3 +1,8 @@
+// ACL-T06
+//
+// ACL: accept: src=['autogroup:tagged'] dst=['tag:prod:5432']
+//
+// Expected: Rules on tagged-prod
 {
 "test_id": "ACL-T06",
 "timestamp": "2026-03-17T14:47:29Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-T07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-T07.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-T07.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-T07.hujson
index 6c571700..8dd47d6f 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-T07.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-T07.hujson
@@ -1,3 +1,8 @@
+// ACL-T07
+//
+// ACL: accept: src=['tag:server'] dst=['tag:prod:5432']
+//
+// Expected: Rules on tagged-prod
 {
 "test_id": "ACL-T07",
 "timestamp": "2026-03-17T14:47:40Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-T08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-T08.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-T08.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-T08.hujson
index 0254f34c..af127da1 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-T08.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-T08.hujson
@@ -1,3 +1,8 @@
+// ACL-T08
+//
+// ACL: accept: src=['tag:client', 'tag:server', 'tag:prod'] dst=['tag:router:*']
+//
+// Expected: Rules on subnet-router
 {
 "test_id": "ACL-T08",
 "timestamp": "2026-03-17T14:47:50Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-T09.json b/hscontrol/policy/v2/testdata/acl_results/ACL-T09.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-T09.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-T09.hujson
index f4cd54a1..9816989a 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-T09.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-T09.hujson
@@ -1,3 +1,8 @@
+// ACL-T09
+//
+// ACL: accept: src=['tag:client'] dst=['100.108.74.26:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-T09",
 "timestamp": "2026-03-17T14:48:01Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-T10.json b/hscontrol/policy/v2/testdata/acl_results/ACL-T10.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-T10.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-T10.hujson
index f76b5f99..89576481 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-T10.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-T10.hujson
@@ -1,3 +1,8 @@
+// ACL-T10
+//
+// ACL: accept: src=['100.83.200.69'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-T10",
 "timestamp": "2026-03-17T14:48:11Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-U01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-U01.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-U01.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-U01.hujson
index 02f879ad..45e8f852 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-U01.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-U01.hujson
@@ -1,3 +1,8 @@
+// ACL-U01
+//
+// ACL: accept: src=['kratail2tid@passkey'] dst=['*:*']
+//
+// Expected: Rules on 8 of 8 nodes
 {
 "test_id": "ACL-U01",
 "timestamp": "2026-03-17T14:48:22Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-U02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-U02.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-U02.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-U02.hujson
index 7583c176..03597cf2 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-U02.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-U02.hujson
@@ -1,3 +1,8 @@
+// ACL-U02
+//
+// ACL: accept: src=['*'] dst=['kratail2tid@passkey:*']
+//
+// Expected: Rules on user1
 {
 "test_id": "ACL-U02",
 "timestamp": "2026-03-17T14:48:32Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-U03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-U03.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-U03.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-U03.hujson
index dc3eec6a..11a3c5eb 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-U03.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-U03.hujson
@@ -1,3 +1,8 @@
+// ACL-U03
+//
+// ACL: accept: src=['group:admins'] dst=['*:*']
+//
+// Expected: Rules on 8 of 8 nodes
 {
 "test_id": "ACL-U03",
 "timestamp": "2026-03-17T14:48:43Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-U04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-U04.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-U04.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-U04.hujson
index 2b1e93d4..9850ba12 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-U04.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-U04.hujson
@@ -1,3 +1,8 @@
+// ACL-U04
+//
+// ACL: accept: src=['*'] dst=['group:admins:*']
+//
+// Expected: Rules on user1
 {
 "test_id": "ACL-U04",
 "timestamp": "2026-03-17T14:48:53Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-U05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-U05.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-U05.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-U05.hujson
index c2aa7fef..d8bb3d50 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-U05.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-U05.hujson
@@ -1,3 +1,8 @@
+// ACL-U05
+//
+// ACL: accept: src=['group:developers'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-U05",
 "timestamp": "2026-03-17T14:49:03Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-U06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-U06.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-U06.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-U06.hujson
index 9a3712ca..433fce45 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-U06.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-U06.hujson
@@ -1,3 +1,8 @@
+// ACL-U06
+//
+// ACL: accept: src=['kratail2tid@passkey'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-U06",
 "timestamp": "2026-03-17T14:49:14Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-U07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-U07.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-U07.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-U07.hujson
index 72182012..b420d3f6 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-U07.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-U07.hujson
@@ -1,3 +1,8 @@
+// ACL-U07
+//
+// ACL: accept: src=['kristoffer@dalby.cc'] dst=['*:*']
+//
+// Expected: Rules on 8 of 8 nodes
 {
 "test_id": "ACL-U07",
 "timestamp": "2026-03-17T14:49:24Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-U08.json b/hscontrol/policy/v2/testdata/acl_results/ACL-U08.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-U08.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-U08.hujson
index 9fc3d8c3..58d7b34f 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-U08.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-U08.hujson
@@ -1,3 +1,8 @@
+// ACL-U08
+//
+// ACL: accept: src=['group:admins'] dst=['tag:server:22', 'tag:prod:5432']
+//
+// Expected: Rules on tagged-prod, tagged-server
 {
 "test_id": "ACL-U08",
 "timestamp": "2026-03-17T14:49:35Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-U09.json b/hscontrol/policy/v2/testdata/acl_results/ACL-U09.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-U09.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-U09.hujson
index f6da277e..c0a4d1a0 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-U09.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-U09.hujson
@@ -1,3 +1,8 @@
+// ACL-U09
+//
+// ACL: accept: src=['group:monitors'] dst=['tag:server:*']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-U09",
 "timestamp": "2026-03-17T14:49:45Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-U10.json b/hscontrol/policy/v2/testdata/acl_results/ACL-U10.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-U10.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-U10.hujson
index 7bd1f2a9..4116ea36 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-U10.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-U10.hujson
@@ -1,3 +1,8 @@
+// ACL-U10
+//
+// ACL: accept: src=['group:empty'] dst=['*:*']
+//
+// Expected: No filter rules
 {
 "test_id": "ACL-U10",
 "timestamp": "2026-03-17T14:49:56Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-U11.json b/hscontrol/policy/v2/testdata/acl_results/ACL-U11.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-U11.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-U11.hujson
index 27d0b511..d2ef544b 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-U11.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-U11.hujson
@@ -1,3 +1,8 @@
+// ACL-U11
+//
+// ACL: accept: src=['kratail2tid@passkey', 'tag:client'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-U11",
 "timestamp": "2026-03-17T14:50:06Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-U12.json b/hscontrol/policy/v2/testdata/acl_results/ACL-U12.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-U12.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-U12.hujson
index c7e34cc9..5633999d 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-U12.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-U12.hujson
@@ -1,3 +1,8 @@
+// ACL-U12
+//
+// ACL: accept: src=['group:admins', 'tag:client'] dst=['tag:server:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-U12",
 "timestamp": "2026-03-17T14:50:17Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-W01.json b/hscontrol/policy/v2/testdata/acl_results/ACL-W01.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-W01.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-W01.hujson
index 095e1def..1be7ad05 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-W01.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-W01.hujson
@@ -1,3 +1,8 @@
+// ACL-W01
+//
+// ACL: accept: src=['*'] dst=['*:*']
+//
+// Expected: Rules on 8 of 8 nodes
 {
 "test_id": "ACL-W01",
 "timestamp": "2026-03-17T14:50:27Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-W02.json b/hscontrol/policy/v2/testdata/acl_results/ACL-W02.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-W02.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-W02.hujson
index 6e8fa5da..0ccc8f2e 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-W02.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-W02.hujson
@@ -1,3 +1,8 @@
+// ACL-W02
+//
+// ACL: accept: src=['100.90.199.68'] dst=['*:*']
+//
+// Expected: Rules on 8 of 8 nodes
 {
 "test_id": "ACL-W02",
 "timestamp": "2026-03-17T14:50:38Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-W03.json b/hscontrol/policy/v2/testdata/acl_results/ACL-W03.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-W03.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-W03.hujson
index 1dbf0242..a323c82e 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-W03.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-W03.hujson
@@ -1,3 +1,8 @@
+// ACL-W03
+//
+// ACL: accept: src=['100.64.0.0/16'] dst=['*:*']
+//
+// Expected: Rules on 8 of 8 nodes
 {
 "test_id": "ACL-W03",
 "timestamp": "2026-03-17T14:50:48Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-W04.json b/hscontrol/policy/v2/testdata/acl_results/ACL-W04.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-W04.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-W04.hujson
index be6a784e..9ade48fb 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-W04.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-W04.hujson
@@ -1,3 +1,8 @@
+// ACL-W04
+//
+// ACL: accept: src=['*'] dst=['100.108.74.26:*']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "ACL-W04",
 "timestamp": "2026-03-17T14:50:59Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-W05.json b/hscontrol/policy/v2/testdata/acl_results/ACL-W05.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-W05.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-W05.hujson
index 5e2beeb2..6b401804 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-W05.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-W05.hujson
@@ -1,3 +1,8 @@
+// ACL-W05
+//
+// ACL: accept: src=['*'] dst=['100.64.0.0/12:*']
+//
+// Expected: No filter rules
 {
 "test_id": "ACL-W05",
 "timestamp": "2026-03-17T14:51:09Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-W06.json b/hscontrol/policy/v2/testdata/acl_results/ACL-W06.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-W06.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-W06.hujson
index 1b0d4275..1129093a 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-W06.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-W06.hujson
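Review bot: The ACL-W05 header records `Expected: No filter rules` for `dst=['100.64.0.0/12:*']` without saying why, and the prefix reads like a typo for the /10 CGNAT range. A /12 covers only 100.64.0.0–100.79.255.255, and the node addresses that appear in the neighbouring headers (100.108.74.26, 100.90.199.68, 100.83.200.69) all lie outside it, so presumably no node is a destination; the full node list is below the hunk and should be checked. If that is the reason, I would add one header line such as `// Note: no node address falls inside 100.64.0.0/12, so nothing is emitted`, so that nobody "corrects" the prefix and silently changes what the case pins.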
@@ -1,3 +1,8 @@
+// ACL-W06
+//
+// ACL: accept: src=['*'] dst=['*:80']
+//
+// Expected: Rules on 8 of 8 nodes
 {
 "test_id": "ACL-W06",
 "timestamp": "2026-03-17T14:51:20Z",
diff --git a/hscontrol/policy/v2/testdata/acl_results/ACL-W07.json b/hscontrol/policy/v2/testdata/acl_results/ACL-W07.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/acl_results/ACL-W07.json
rename to hscontrol/policy/v2/testdata/acl_results/ACL-W07.hujson
index 33aa72df..71cbe35a 100644
--- a/hscontrol/policy/v2/testdata/acl_results/ACL-W07.json
+++ b/hscontrol/policy/v2/testdata/acl_results/ACL-W07.hujson
@@ -1,3 +1,8 @@
+// ACL-W07
+//
+// ACL: accept: src=['*'] dst=['*:443']
+//
+// Expected: Rules on 8 of 8 nodes
 {
 "test_id": "ACL-W07",
 "timestamp": "2026-03-17T14:51:30Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-A1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-A1.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-A1.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-A1.hujson
index f6d8e417..7ad33eb5 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-A1.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-A1.hujson
@@ -1,3 +1,8 @@
+// GRANT-A1
+//
+// Grant: src=['*'] dst=['*'] app={example.com/cap/basic}
+//
+// Expected: Rules on 7 nodes
 {
 "test_id": "GRANT-A1",
 "timestamp": "2026-02-23T00:15:55Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-A2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-A2.hujson
similarity index 89%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-A2.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-A2.hujson
index f0fb092c..f783ba96 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-A2.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-A2.hujson
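Review bot: The GRANT-A1 header gives a bare count, `Expected: Rules on 7 nodes`, so a reader cannot tell whether 7 is every node or a subset. The ACL headers in this commit use the `8 of 8 nodes` form, and GRANT-C1 reports 8 nodes for the same `src=['*'] dst=['*']` wildcards. I would write the grant headers the same way, e.g. `// Expected: Rules on N of M nodes` with the totals taken from the fixture body, which is outside the hunk. The same applies to GRANT-A3, A4, B3 to B5 and C1 to C6.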
@@ -1,3 +1,8 @@
+// GRANT-A2
+//
+// Grant: src=['*'] dst=['*'] app={https://tailscale.com/cap/ingress}
+//
+// Expected: Error (HTTP 400) — capability name must have the form {domain}/{path}
 {
 "test_id": "GRANT-A2",
 "description": "",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-A3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-A3.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-A3.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-A3.hujson
index 7be253ab..4b8b0f66 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-A3.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-A3.hujson
@@ -1,3 +1,8 @@
+// GRANT-A3
+//
+// Grant: src=['*'] dst=['*'] app={tailscale.com/cap/webui}
+//
+// Expected: Rules on 7 nodes
 {
 "test_id": "GRANT-A3",
 "timestamp": "2026-02-23T00:17:41Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-A4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-A4.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-A4.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-A4.hujson
index 09cc6dd1..628f09c7 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-A4.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-A4.hujson
@@ -1,3 +1,8 @@
+// GRANT-A4
+//
+// Grant: src=['*'] dst=['*'] app={tailscale.com/cap/relay}
+//
+// Expected: Rules on 7 nodes
 {
 "test_id": "GRANT-A4",
 "timestamp": "2026-02-23T00:18:54Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-A5.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-A5.hujson
similarity index 89%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-A5.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-A5.hujson
index 946933b7..9b8543eb 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-A5.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-A5.hujson
@@ -1,3 +1,8 @@
+// GRANT-A5
+//
+// Grant: src=['*'] dst=['*'] app={tailscale.com/cap/relay-target}
+//
+// Expected: Error (HTTP 400) — capability name must not be in the tailscale.com domain
 {
 "test_id": "GRANT-A5",
 "description": "",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-A6.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-A6.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-A6.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-A6.hujson
index 6a5cfc2d..f44867f6 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-A6.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-A6.hujson
@@ -1,3 +1,8 @@
+// GRANT-A6
+//
+// Grant: src=['autogroup:member'] dst=['autogroup:self'] app={tailscale.com/cap/drive}
+//
+// Expected: Rules on user-kris, user-mon, user1
 {
 "test_id": "GRANT-A6",
 "timestamp": "2026-02-23T00:20:13Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-B1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-B1.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-B1.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-B1.hujson
index 16c470ea..601ebca7 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-B1.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-B1.hujson
@@ -1,3 +1,8 @@
+// GRANT-B1
+//
+// Grant: src=['*'] dst=['tag:server'] app={tailscale.com/cap/kubernetes}
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-B1",
 "timestamp": "2026-02-23T00:21:26Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-B2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-B2.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-B2.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-B2.hujson
index 8637ad97..37f77123 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-B2.json
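Review bot: The GRANT-A5 header quotes the error "capability name must not be in the tailscale.com domain", which reads as a blanket rule, yet GRANT-A3, A4, A6 and B1 in this commit record `tailscale.com/cap/webui`, `relay`, `drive` and `kubernetes` as accepted with rules emitted. The rejection therefore appears to apply to names outside some permitted set, which this hunk does not show. Because this check guards a reserved capability namespace, the header should state the distinction so the validator is not later tightened or loosened to match the message literally. I would add a line such as `// Note: other tailscale.com/cap/* names are accepted (see GRANT-A3, A4, A6, B1); this one is not`, once confirmed against the recorded response.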
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-B2.hujson
@@ -1,3 +1,8 @@
+// GRANT-B2
+//
+// Grant: src=['*'] dst=['tag:server'] app={tailscale.com/cap/kubernetes}
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-B2",
 "timestamp": "2026-02-23T00:22:39Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-B3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-B3.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-B3.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-B3.hujson
index f6a139ad..45650204 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-B3.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-B3.hujson
@@ -1,3 +1,8 @@
+// GRANT-B3
+//
+// Grant: src=['*'] dst=['*'] app={tailscale.com/cap/drive}
+//
+// Expected: Rules on 7 nodes
 {
 "test_id": "GRANT-B3",
 "timestamp": "2026-02-23T00:23:52Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-B4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-B4.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-B4.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-B4.hujson
index 0d969cba..72910917 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-B4.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-B4.hujson
@@ -1,3 +1,8 @@
+// GRANT-B4
+//
+// Grant: src=['*'] dst=['*'] app={tailscale.com/cap/drive}
+//
+// Expected: Rules on 7 nodes
 {
 "test_id": "GRANT-B4",
 "timestamp": "2026-02-23T00:25:05Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-B5.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-B5.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-B5.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-B5.hujson
index c016e89b..3c8ca624 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-B5.json
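Review bot: The GRANT-B2 header is identical to the GRANT-B1 header apart from the ID, so it does not say what this case adds. The same happens for GRANT-B3, B4 and B5, and for GRANT-C1, C2 and C3. Presumably the cases differ in the capability value or another input further down the fixture, which is outside the hunk. I would add one line per file naming the distinguishing input, e.g. `// Variant: <what differs from the previous case>`, filled in from the fixture body.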
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-B5.hujson
@@ -1,3 +1,8 @@
+// GRANT-B5
+//
+// Grant: src=['*'] dst=['*'] app={tailscale.com/cap/drive}
+//
+// Expected: Rules on 7 nodes
 {
 "test_id": "GRANT-B5",
 "timestamp": "2026-02-23T00:26:19Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-C1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-C1.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-C1.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-C1.hujson
index 0ad0302d..60dc71d0 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-C1.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-C1.hujson
@@ -1,3 +1,8 @@
+// GRANT-C1
+//
+// Grant: src=['*'] dst=['*'] app={example.com/cap/test}
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-C1",
 "timestamp": "2026-02-23T00:28:11Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-C2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-C2.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-C2.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-C2.hujson
index f89a7da9..3640df85 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-C2.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-C2.hujson
@@ -1,3 +1,8 @@
+// GRANT-C2
+//
+// Grant: src=['*'] dst=['*'] app={example.com/cap/test}
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-C2",
 "timestamp": "2026-02-23T00:28:28Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-C3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-C3.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-C3.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-C3.hujson
index cb413f4c..9cb65fea 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-C3.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-C3.hujson
@@ -1,3 +1,8 @@
+// GRANT-C3
+//
+// Grant: src=['*'] dst=['*'] app={example.com/cap/test}
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-C3",
 "timestamp": "2026-02-23T00:28:45Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-C4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-C4.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-C4.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-C4.hujson
index ae549c4f..da6d51c4 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-C4.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-C4.hujson
@@ -1,3 +1,8 @@
+// GRANT-C4
+//
+// Grant: src=['*'] dst=['*'] app={example.com/cap/one,example.com/cap/two}
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-C4",
 "timestamp": "2026-02-23T00:29:02Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-C5.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-C5.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-C5.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-C5.hujson
index 4218e377..b37e62bb 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-C5.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-C5.hujson
@@ -1,3 +1,8 @@
+// GRANT-C5
+//
+// Grant: src=['*'] dst=['*'] app={example.com/cap/complex}
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-C5",
 "timestamp": "2026-02-23T00:29:18Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-C6.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-C6.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-C6.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-C6.hujson
index 0624b4ed..1d966ec9 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-C6.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-C6.hujson
@@ -1,3 +1,8 @@
+// GRANT-C6
+//
+// Grant: src=['*'] dst=['*'] app={example.com/cap/array}
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-C6",
 "timestamp": "2026-02-23T00:29:35Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-D1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-D1.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-D1.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-D1.hujson
index a67ae96f..9a1417e7 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-D1.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-D1.hujson
@@ -1,3 +1,8 @@
+// GRANT-D1
+//
+// Grant: src=['autogroup:member'] dst=['tag:server'] app={example.com/cap/test}
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-D1",
 "timestamp": "2026-02-23T00:29:52Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-D2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-D2.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-D2.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-D2.hujson
index 17b5087f..bf24acc7 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-D2.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-D2.hujson
@@ -1,3 +1,8 @@
+// GRANT-D2
+//
+// Grant: src=['autogroup:tagged'] dst=['tag:server'] app={example.com/cap/test}
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-D2",
 "timestamp": "2026-02-23T00:30:09Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-D3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-D3.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-D3.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-D3.hujson
index 75340779..0ee48dc3 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-D3.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-D3.hujson
@@ -1,3 +1,8 @@
+// GRANT-D3
+//
+// Grant: src=['group:admins'] dst=['tag:server'] app={example.com/cap/test}
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-D3",
 "timestamp": "2026-02-23T00:30:25Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-D4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-D4.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-D4.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-D4.hujson
index b88fae20..a817691f 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-D4.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-D4.hujson
@@ -1,3 +1,8 @@
+// GRANT-D4
+//
+// Grant: src=['kratail2tid@passkey'] dst=['tag:server'] app={example.com/cap/test}
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-D4",
 "timestamp": "2026-02-23T00:30:42Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-D5.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-D5.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-D5.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-D5.hujson
index ee185b4c..22cddc51 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-D5.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-D5.hujson
@@ -1,3 +1,8 @@
+// GRANT-D5
+//
+// Grant: src=['tag:prod'] dst=['tag:server'] app={example.com/cap/test}
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-D5",
 "timestamp": "2026-02-23T00:30:59Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-D6.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-D6.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-D6.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-D6.hujson
index 98d092ae..9a012347 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-D6.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-D6.hujson
@@ -1,3 +1,8 @@
+// GRANT-D6
+//
+// Grant: src=['100.90.199.68'] dst=['tag:server'] app={example.com/cap/test}
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-D6",
 "timestamp": "2026-02-23T00:31:16Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-D7.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-D7.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-D7.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-D7.hujson
index 5c749dec..45eff2de 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-D7.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-D7.hujson
@@ -1,3 +1,8 @@
+// GRANT-D7
+//
+// Grant: src=['autogroup:member', 'tag:prod'] dst=['tag:server'] app={example.com/cap/test}
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-D7",
 "timestamp": "2026-02-23T00:31:33Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-E1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-E1.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-E1.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-E1.hujson
index f5b82396..a5ee337e 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-E1.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-E1.hujson
@@ -1,3 +1,8 @@
+// GRANT-E1
+//
+// Grant: src=['*'] dst=['tag:server'] app={example.com/cap/test}
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-E1",
 "timestamp": "2026-02-23T00:31:50Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-E2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-E2.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-E2.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-E2.hujson
index e67ddbf1..7a1f5bb9 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-E2.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-E2.hujson
@@ -1,3 +1,8 @@
+// GRANT-E2
+//
+// Grant: src=['*'] dst=['tag:server', 'tag:prod'] app={example.com/cap/test}
+//
+// Expected: Rules on tagged-prod, tagged-server
 {
 "test_id": "GRANT-E2",
 "timestamp": "2026-02-23T00:32:07Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-E3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-E3.hujson
similarity index 89%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-E3.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-E3.hujson
index 86b4a55b..b7afd28d 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-E3.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-E3.hujson
@@ -1,3 +1,8 @@
+// GRANT-E3
+//
+// Grant: src=['*'] dst=['autogroup:self'] app={tailscale.com/cap/drive}
+//
+// Expected: Error (HTTP 400) — autogroup:self can only be used with users, groups, or supported autogroups
 {
 "test_id": "GRANT-E3",
 "description": "",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-E4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-E4.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-E4.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-E4.hujson
index 89bef1bc..df5ef74f 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-E4.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-E4.hujson
@@ -1,3 +1,8 @@
+// GRANT-E4
+//
+// Grant: src=['*'] dst=['autogroup:member'] app={example.com/cap/test}
+//
+// Expected: Rules on user-kris, user-mon, user1
 {
 "test_id": "GRANT-E4",
 "timestamp": "2026-02-23T00:32:23Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-E5.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-E5.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-E5.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-E5.hujson
index ad3ef279..f3be1fbc 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-E5.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-E5.hujson
@@ -1,3 +1,8 @@
+// GRANT-E5
+//
+// Grant: src=['*'] dst=['autogroup:tagged'] app={example.com/cap/test}
+//
+// Expected: Rules on exit-node, subnet-router, tagged-client, tagged-prod, tagged-server
 {
 "test_id": "GRANT-E5",
 "timestamp": "2026-02-23T00:32:40Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-E6.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-E6.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-E6.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-E6.hujson
index b2f28b19..4aafe410 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-E6.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-E6.hujson
@@ -1,3 +1,8 @@
+// GRANT-E6
+//
+// Grant: src=['*'] dst=['group:admins'] app={example.com/cap/test}
+//
+// Expected: Rules on user1
 {
 "test_id": "GRANT-E6",
 "timestamp": "2026-02-23T00:32:57Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-E7.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-E7.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-E7.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-E7.hujson
index a092c24a..371ad598 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-E7.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-E7.hujson
@@ -1,3 +1,8 @@
+// GRANT-E7
+//
+// Grant: src=['*'] dst=['kratail2tid@passkey'] app={example.com/cap/test}
+//
+// Expected: Rules on user1
 {
 "test_id": "GRANT-E7",
 "timestamp": "2026-02-23T00:33:14Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-E8.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-E8.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-E8.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-E8.hujson
index 1f9676a7..55661838 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-E8.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-E8.hujson
@@ -1,3 +1,8 @@
+// GRANT-E8
+//
+// Grant: src=['*'] dst=['100.108.74.26'] app={example.com/cap/test}
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-E8",
 "timestamp": "2026-02-23T00:33:31Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-F1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-F1.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-F1.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-F1.hujson
index 95385f54..b1ae7d00 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-F1.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-F1.hujson
@@ -1,3 +1,8 @@
+// GRANT-F1
+//
+// Grant: src=['*'] dst=['tag:server'] ip=['tcp:80', 'tcp:443'] app={tailscale.com/cap/kubernetes}
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-F1",
 "timestamp": "2026-02-23T00:33:47Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-F2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-F2.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-F2.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-F2.hujson
index 318c6340..1f87438b 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-F2.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-F2.hujson
@@ -1,3 +1,8 @@
+// GRANT-F2
+//
+// Grant: src=['autogroup:member'] dst=['tag:server'] ip=['*'] app={example.com/cap/test}
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-F2",
 "timestamp": "2026-02-23T00:34:04Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-F3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-F3.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-F3.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-F3.hujson
index ee28ec06..94e1f81d 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-F3.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-F3.hujson
@@ -1,3 +1,10 @@
+// GRANT-F3
+//
+// Grants:
+// src=['*'] dst=['tag:server'] ip=['tcp:80', 'tcp:443']
+// src=['*'] dst=['tag:server'] app={tailscale.com/cap/kubernetes}
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-F3",
 "timestamp": "2026-02-23T00:34:21Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-F4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-F4.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-F4.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-F4.hujson
index e8600c6d..7067e68b 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-F4.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-F4.hujson
@@ -1,3 +1,8 @@
+// GRANT-F4
+//
+// Grant: src=['*'] dst=['*'] ip=['tcp:443'] app={tailscale.com/cap/drive,example.com/cap/extra}
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-F4",
 "timestamp": "2026-02-23T00:34:38Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-G1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-G1.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-G1.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-G1.hujson
index ebdf0da0..9e9e9c38 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-G1.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-G1.hujson
@@ -1,3 +1,10 @@
+// GRANT-G1
+//
+// Grants:
+// src=['*'] dst=['tag:server'] app={example.com/cap/one}
+// src=['*'] dst=['tag:server'] app={example.com/cap/two}
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-G1",
 "timestamp": "2026-02-23T00:34:55Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-G2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-G2.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-G2.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-G2.hujson
index 4e9d2b13..3d6225d8 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-G2.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-G2.hujson
@@ -1,3 +1,10 @@
+// GRANT-G2
+//
+// Grants:
+// src=['*'] dst=['tag:server'] app={example.com/cap/test}
+// src=['*'] dst=['tag:server'] app={example.com/cap/test}
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-G2",
 "timestamp": "2026-02-23T00:35:12Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-G3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-G3.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-G3.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-G3.hujson
index 2062ad30..8c15c762 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-G3.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-G3.hujson
@@ -1,3 +1,10 @@
+// GRANT-G3
+//
+// Grants:
+// src=['*'] dst=['tag:server'] app={example.com/cap/test}
+// src=['tag:client'] dst=['tag:server'] app={example.com/cap/test}
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-G3",
 "timestamp": "2026-02-23T00:35:28Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-G4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-G4.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-G4.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-G4.hujson
index 7dca87e7..5141ac54 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-G4.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-G4.hujson
@@ -1,3 +1,10 @@
+// GRANT-G4
+//
+// Grants:
+// src=['*'] dst=['tag:server'] app={example.com/cap/test}
+// src=['*'] dst=['tag:server'] ip=['tcp:80']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-G4",
 "timestamp": "2026-02-23T00:35:45Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-G5.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-G5.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-G5.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-G5.hujson
index e9891cf0..0206a108 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-G5.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-G5.hujson
@@ -1,3 +1,11 @@
+// GRANT-G5
+//
+// Grants:
+// src=['*'] dst=['*'] ip=['*']
+// src=['tag:client'] dst=['tag:server'] app={example.com/cap/test}
+// src=['autogroup:member'] dst=['tag:server'] ip=['tcp:443']
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-G5",
 "timestamp": "2026-02-23T00:36:02Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-G6.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-G6.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-G6.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-G6.hujson
index 7bec7b67..01707dec 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-G6.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-G6.hujson
@@ -1,3 +1,10 @@
+// GRANT-G6
+//
+// Grants:
+// src=['*'] dst=['*'] app={example.com/cap/test}
+// src=['*'] dst=['tag:server'] app={example.com/cap/test}
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-G6",
 "timestamp": "2026-02-23T00:36:19Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-H1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-H1.hujson
similarity index 92%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-H1.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-H1.hujson
index 9f6e652a..eb1c0941 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-H1.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-H1.hujson
@@ -1,3 +1,8 @@
+// GRANT-H1
+//
+// Grant: src=['*'] dst=['*']
+//
+// Expected: Error (HTTP 400) — ip and app can not both be empty
 {
 "test_id": "GRANT-H1",
 "description": "",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-H10.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-H10.hujson
similarity index 89%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-H10.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-H10.hujson
index fcbc39d3..c60e285a 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-H10.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-H10.hujson
@@ -1,3 +1,8 @@
+// GRANT-H10
+//
+// Grant: src=['autogroup:self'] dst=['*'] app={example.com/cap/test}
+//
+// Expected: Error (HTTP 400) — "autogroup:self" not valid on the src side of a rule
 {
 "test_id": "GRANT-H10",
 "description": "",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-H2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-H2.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-H2.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-H2.hujson
index 59401296..8b938c9d 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-H2.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-H2.hujson
@@ -1,3 +1,8 @@
+// GRANT-H2
+//
+// Grant: src=['*'] dst=['*'] app={example.com/cap/test}
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-H2",
 "timestamp": "2026-02-23T00:36:36Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-H3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-H3.hujson
similarity index 92%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-H3.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-H3.hujson
index af9ebd33..48d3f2d3 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-H3.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-H3.hujson
@@ -1,3 +1,8 @@
+// GRANT-H3
+//
+// Grant: src=['*'] dst=['*']
+//
+// Expected: Error (HTTP 400) — ip and app can not both be empty
 {
 "test_id": "GRANT-H3",
 "description": "",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-H4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-H4.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-H4.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-H4.hujson
index c2915684..ec0afa57 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-H4.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-H4.hujson
@@ -1,3 +1,8 @@
+// GRANT-H4
+//
+// Grant: src=[] dst=['*'] app={example.com/cap/test}
+//
+// Expected: No filter rules on any node
 {
 "test_id": "GRANT-H4",
 "timestamp": "2026-02-23T00:36:53Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-H5.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-H5.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-H5.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-H5.hujson
index 1e841294..4ea34273 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-H5.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-H5.hujson
@@ -1,3 +1,8 @@
+// GRANT-H5
+//
+// Grant: src=['*'] dst=[] app={example.com/cap/test}
+//
+// Expected: No filter rules on any node
 {
 "test_id": "GRANT-H5",
 "timestamp": "2026-02-23T00:37:10Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-H6.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-H6.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-H6.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-H6.hujson
index f052ad1e..7d2049d7 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-H6.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-H6.hujson
@@ -1,3 +1,8 @@
+// GRANT-H6
+//
+// Grant: src=['group:empty'] dst=['*'] app={example.com/cap/test}
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-H6",
 "timestamp": "2026-02-23T00:37:27Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-H7.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-H7.hujson
similarity index 90%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-H7.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-H7.hujson
index cfe2ffef..c34b843b 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-H7.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-H7.hujson
@@ -1,3 +1,8 @@
+// GRANT-H7
+//
+// Grant: src=['tag:nonexistent'] dst=['*'] app={example.com/cap/test}
+//
+// Expected: Error (HTTP 400) — src=tag not found: "tag:nonexistent"
 {
 "test_id": "GRANT-H7",
 "description": "",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-H8.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-H8.hujson
similarity index 92%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-H8.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-H8.hujson
index 4a0a0b80..1cf7fec3 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-H8.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-H8.hujson
@@ -1,3 +1,8 @@
+// GRANT-H8
+//
+// Grant: src=['*'] dst=['*']
+//
+// Expected: Error (HTTP 400) — ip and app can not both be empty
 {
 "test_id": "GRANT-H8",
 "description": "",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-H9.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-H9.hujson
similarity index 88%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-H9.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-H9.hujson
index 04bc4a01..5f80bed9 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-H9.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-H9.hujson
@@ -1,3 +1,8 @@
+// GRANT-H9
+//
+// Grant: src=['*'] dst=['autogroup:self'] app={example.com/cap/test}
+//
+// Expected: Error (HTTP 400) — autogroup:self can only be used with users, groups, or supported autogroups
 {
 "test_id": "GRANT-H9",
 "description": "",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-I1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-I1.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-I1.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-I1.hujson
index 082593d6..c1036a1c 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-I1.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-I1.hujson
@@ -1,3 +1,8 @@
+// GRANT-I1
+//
+// Grant: src=['*'] dst=['10.33.0.0/16'] via=['tag:router'] ip=['*']
+//
+// Expected: Rules on subnet-router
 {
 "test_id": "GRANT-I1",
 "timestamp": "2026-02-23T00:37:45Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-I2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-I2.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-I2.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-I2.hujson
index 19df2802..ab512719 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-I2.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-I2.hujson
@@ -1,3 +1,8 @@
+// GRANT-I2
+//
+// Grant: src=['*'] dst=['10.33.0.0/16'] via=['tag:router'] ip=['tcp:80']
+//
+// Expected: Rules on subnet-router
 {
 "test_id": "GRANT-I2",
 "timestamp": "2026-02-23T00:38:02Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-I3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-I3.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-I3.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-I3.hujson
index b8abd3f4..90fbc8a2 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-I3.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-I3.hujson
@@ -1,3 +1,8 @@
+// GRANT-I3
+//
+// Grant: src=['*'] dst=['10.33.0.0/16'] via=['tag:router', 'tag:exit'] ip=['*']
+//
+// Expected: Rules on subnet-router
 {
 "test_id": "GRANT-I3",
 "timestamp": "2026-02-23T00:38:18Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-I4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-I4.hujson
similarity index 91%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-I4.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-I4.hujson
index 58a2dea9..3619e2d1 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-I4.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-I4.hujson
@@ -1,3 +1,8 @@
+// GRANT-I4
+//
+// Grant: src=['*'] dst=['10.33.0.0/16'] via=['autogroup:tagged'] ip=['*']
+//
+// Expected: Error (HTTP 400) — via can only be a tag
 {
 "test_id": "GRANT-I4",
 "description": "",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-J1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-J1.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-J1.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-J1.hujson
index bc1a547c..d7c5e3f9 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-J1.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-J1.hujson
@@ -1,3 +1,8 @@
+// GRANT-J1
+//
+// Grant: src=['*'] dst=['tag:server'] ip=['tcp:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-J1",
 "timestamp": "2026-02-23T00:38:36Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-J2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-J2.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-J2.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-J2.hujson
index 961a9511..f8d75ec3 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-J2.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-J2.hujson
@@ -1,3 +1,8 @@
+// GRANT-J2
+//
+// Grant: src=['*'] dst=['tag:server'] ip=['udp:53']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-J2",
 "timestamp": "2026-02-23T00:38:53Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-J3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-J3.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-J3.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-J3.hujson
index ff513b37..a2f687ef 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-J3.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-J3.hujson
@@ -1,3 +1,8 @@
+// GRANT-J3
+//
+// Grant: src=['*'] dst=['tag:server'] ip=['*']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-J3",
 "timestamp": "2026-02-23T00:39:09Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-J4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-J4.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-J4.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-J4.hujson
index 31831019..024ae19b 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-J4.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-J4.hujson
@@ -1,3 +1,8 @@
+// GRANT-J4
+//
+// Grant: src=['*'] dst=['tag:server'] ip=['tcp:80', 'udp:53', 'tcp:443']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-J4",
 "timestamp": "2026-02-23T00:39:26Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-J5.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-J5.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-J5.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-J5.hujson
index de9a0e70..9df3cea2 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-J5.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-J5.hujson
@@ -1,3 +1,8 @@
+// GRANT-J5
+//
+// Grant: src=['*'] dst=['tag:server'] ip=['tcp:80-443']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-J5",
 "timestamp": "2026-02-23T00:39:43Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-J6.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-J6.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-J6.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-J6.hujson
index 453add9b..4f4c2ea3 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-J6.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-J6.hujson
@@ -1,3 +1,8 @@
+// GRANT-J6
+//
+// Grant: src=['*'] dst=['tag:server'] ip=['80']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-J6",
 "timestamp": "2026-02-23T00:40:00Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-J7.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-J7.hujson
similarity index 91%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-J7.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-J7.hujson
index 8b574e92..4c4ffbec 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-J7.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-J7.hujson
@@ -1,3 +1,8 @@
+// GRANT-J7
+//
+// Grant: src=['*'] dst=['tag:server'] ip=['icmp']
+//
+// Expected: Error (HTTP 400) — port range "icmp": invalid first integer
 {
 "test_id": "GRANT-J7",
 "description": "",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K1.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K1.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K1.hujson
index e307a80d..c96adb38 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K1.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K1.hujson
@@ -1,3 +1,9 @@
+// GRANT-K1
+//
+// ACLs:
+// accept: src=['*'] dst=['*:*']
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-K1",
 "timestamp": "2026-02-23T02:53:51Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K10.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K10.hujson
similarity index 89%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K10.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K10.hujson
index 0bfdd4b4..0deb2029 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K10.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K10.hujson
@@ -1,3 +1,8 @@
+// GRANT-K10
+//
+// Grant: src=['*'] dst=['*'] app={tailscale.com/cap/funnel}
+//
+// Expected: Error (HTTP 400) — capability name must not be in the tailscale.com domain
 {
 "test_id": "GRANT-K10",
 "description": "",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K11.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K11.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K11.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K11.hujson
index 439d13e2..e41b21ee 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K11.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K11.hujson
@@ -1,3 +1,8 @@
+// GRANT-K11
+//
+// Grant: src=['*'] dst=['*'] app={tailscale.com/cap/webui,...} (4 caps)
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-K11",
 "timestamp": "2026-02-23T02:55:39Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K12.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K12.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K12.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K12.hujson
index d1acf460..c37eef27 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K12.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K12.hujson
@@ -1,3 +1,8 @@
+// GRANT-K12
+//
+// Grant: src=['*'] dst=['10.33.0.0/16'] via=['tag:router'] app={example.com/cap/subnet-access}
+//
+// Expected: No filter rules on any node
 {
 "test_id": "GRANT-K12",
 "timestamp": "2026-02-23T02:55:55Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K13.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K13.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K13.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K13.hujson
index 16bb593a..5733bc6f 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K13.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K13.hujson
@@ -1,3 +1,8 @@
+// GRANT-K13
+//
+// Grant: src=['*'] dst=['10.33.0.0/16'] via=['tag:router'] ip=['tcp:80'] app={example.com/cap/subnet-access}
+//
+// Expected: Rules on subnet-router
 {
 "test_id": "GRANT-K13",
 "timestamp": "2026-02-23T02:56:12Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K14.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K14.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K14.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K14.hujson
index 6bdd1ce4..3b6a9c39 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K14.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K14.hujson
@@ -1,3 +1,8 @@
+// GRANT-K14
+//
+// Grant: src=['fd7a:115c:a1e0::c537:c845'] dst=['tag:server'] ip=['tcp:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-K14",
 "timestamp": "2026-02-23T02:56:28Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K15.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K15.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K15.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K15.hujson
index da53a921..19b1c914 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K15.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K15.hujson
@@ -1,3 +1,8 @@
+// GRANT-K15
+//
+// Grant: src=['*'] dst=['fd7a:115c:a1e0::b901:4a87'] ip=['tcp:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-K15",
 "timestamp": "2026-02-23T02:56:45Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K16.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K16.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K16.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K16.hujson
index 9481e699..56d8492c 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K16.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K16.hujson
@@ -1,3 +1,10 @@
+// GRANT-K16
+//
+// Grants:
+// src=['tag:client'] dst=['tag:server'] ip=['tcp:22']
+// src=['*'] dst=['*'] ip=['*']
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-K16",
 "timestamp": "2026-02-23T02:57:02Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K17.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K17.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K17.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K17.hujson
index 8c11fe5b..f87deb74 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K17.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K17.hujson
@@ -1,3 +1,10 @@
+// GRANT-K17
+//
+// Grants:
+// src=['*'] dst=['*'] ip=['*']
+// src=['tag:client'] dst=['tag:server'] ip=['tcp:22']
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-K17",
 "timestamp": "2026-02-23T02:57:18Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K18.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K18.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K18.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K18.hujson
index b8eb320f..00776f73 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K18.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K18.hujson
@@ -1,3 +1,10 @@
+// GRANT-K18
+//
+// Grants:
+// src=['*'] dst=['*'] app={example.com/cap/one}
+// src=['*'] dst=['*'] app={example.com/cap/two}
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-K18",
 "timestamp": "2026-02-23T02:57:35Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K19.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K19.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K19.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K19.hujson
index 876af178..69390bae 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K19.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K19.hujson
@@ -1,3 +1,10 @@
+// GRANT-K19
+//
+// Grants:
+// src=['*'] dst=['*'] app={example.com/cap/test}
+// src=['*'] dst=['*'] app={example.com/cap/test}
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-K19",
 "timestamp": "2026-02-23T02:57:52Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K2.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K2.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K2.hujson
index 8e28b0d4..f00b8d2d 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K2.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K2.hujson
@@ -1,3 +1,8 @@
+// GRANT-K2
+//
+// Grant: src=['*'] dst=['*'] ip=['*']
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-K2",
 "timestamp": "2026-02-23T02:54:08Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K20.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K20.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K20.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K20.hujson
index 837415a1..e3710b81 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K20.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K20.hujson
@@ -1,3 +1,8 @@
+// GRANT-K20
+//
+// Grant: src=['user:*@passkey'] dst=['tag:server'] ip=['tcp:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-K20",
 "timestamp": "2026-02-23T02:58:08Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K21.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K21.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K21.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K21.hujson
index 03bd5192..5d42367c 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K21.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K21.hujson
@@ -1,3 +1,8 @@
+// GRANT-K21
+//
+// Grant: src=['*'] dst=['user:*@passkey'] ip=['tcp:22']
+//
+// Expected: Rules on user-mon, user1
 {
 "test_id": "GRANT-K21",
 "timestamp": "2026-02-23T02:58:30Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K22.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K22.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K22.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K22.hujson
index 8b2968ea..02b83af5 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K22.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K22.hujson
@@ -1,3 +1,8 @@
+// GRANT-K22
+//
+// Grant: src=['*'] dst=['tag:server'] ip=['47']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-K22",
 "timestamp": "2026-02-23T02:58:46Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K23.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K23.hujson
similarity index 89%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K23.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K23.hujson
index bfb6153a..794d2932 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K23.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K23.hujson
@@ -1,3 +1,8 @@
+// GRANT-K23
+//
+// Grant: src=['*'] dst=['tag:server'] ip=['tcp:0']
+//
+// Expected: Error (HTTP 400) — port range "0": first port must be >0, or use '*' for wildcard
 {
 "test_id": "GRANT-K23",
 "description": "",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K24.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K24.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K24.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K24.hujson
index 72f2838e..d725364f 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K24.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K24.hujson
@@ -1,3 +1,8 @@
+// GRANT-K24
+//
+// Grant: src=['*'] dst=['*'] app={example.com/a/b/c/d/e/f}
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-K24",
 "timestamp": "2026-02-23T02:59:03Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K25.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K25.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K25.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K25.hujson
index 2530cebd..0a4ed47e 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K25.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K25.hujson
@@ -1,3 +1,8 @@
+// GRANT-K25
+//
+// Grant: src=['*'] dst=['*'] app={my-company.internal/cap/access}
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-K25",
 "timestamp": "2026-02-23T02:59:19Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K26.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K26.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K26.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K26.hujson
index 921eeeb4..e41b19eb 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K26.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K26.hujson
@@ -1,3 +1,8 @@
+// GRANT-K26
+//
+// Grant: src=['autogroup:member'] dst=['autogroup:member', 'autogroup:tagged'] ip=['*']
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-K26",
 "timestamp": "2026-02-23T02:59:36Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K27.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K27.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K27.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K27.hujson
index ba91ee96..eadd45b6 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K27.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K27.hujson
@@ -1,3 +1,8 @@
+// GRANT-K27
+//
+// Grant: src=['autogroup:member'] dst=['autogroup:self'] app={example.com/cap/self-service}
+//
+// Expected: Rules on user-kris, user-mon, user1
 {
 "test_id": "GRANT-K27",
 "timestamp": "2026-02-23T02:59:53Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K28.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K28.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K28.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K28.hujson
index d7f14dc9..4a89b98f 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K28.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K28.hujson
@@ -1,3 +1,8 @@
+// GRANT-K28
+//
+// Grant: src=['autogroup:member'] dst=['autogroup:self'] ip=['*'] app={tailscale.com/cap/drive}
+//
+// Expected: Rules on user-kris, user-mon, user1
 {
 "test_id": "GRANT-K28",
 "timestamp": "2026-02-23T03:00:09Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K29.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K29.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K29.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K29.hujson
index 5528eef1..d7fdf932 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K29.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K29.hujson
@@ -1,3 +1,6 @@
+// GRANT-K29
+//
+// Expected: No filter rules on any node
 {
 "test_id": "GRANT-K29",
 "timestamp": "2026-02-23T03:00:26Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K3.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K3.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K3.hujson
index 2cd9350d..00862f4c 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K3.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K3.hujson
@@ -1,3 +1,9 @@
+// GRANT-K3
+//
+// Grant: src=['*'] dst=['tag:server'] app={example.com/cap/test}
+// Also has ACLs
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-K3",
 "timestamp": "2026-02-23T02:54:24Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K30.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K30.hujson
similarity index 89%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K30.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K30.hujson
index c627a008..06e64c0a 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K30.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K30.hujson
@@ -1,3 +1,8 @@
+// GRANT-K30
+//
+// Grant: src=['*'] dst=['10.33.0.0/16'] via=['tag:router', 'tag:nonexistent'] ip=['*']
+//
+// Expected: Error (HTTP 400) — tag "tag:nonexistent" not found
 {
 "test_id": "GRANT-K30",
 "description": "",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K4.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K4.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K4.hujson
index d8652e4e..6beb03e0 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K4.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K4.hujson
@@ -1,3 +1,9 @@
+// GRANT-K4
+//
+// Grant: src=['*'] dst=['tag:server'] ip=['tcp:80', 'tcp:443']
+// Also has ACLs
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-K4",
 "timestamp": "2026-02-23T02:54:40Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K5.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K5.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K5.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K5.hujson
index 91412c77..22fe3877 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K5.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K5.hujson
@@ -1,3 +1,11 @@
+// GRANT-K5
+//
+// Grants:
+// src=['autogroup:member'] dst=['tag:server'] app={tailscale.com/cap/kubernetes}
+// src=['*'] dst=['10.33.0.0/16'] via=['tag:router'] ip=['*']
+// Also has ACLs
+//
+// Expected: Rules on subnet-router, tagged-server
 {
 "test_id": "GRANT-K5",
 "timestamp": "2026-02-23T02:54:57Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K6.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K6.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K6.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K6.hujson
index e19ffc06..d065062c 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K6.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K6.hujson
@@ -1,3 +1,8 @@
+// GRANT-K6
+//
+// Grant: src=['autogroup:danger-all'] dst=['tag:server'] ip=['tcp:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-K6",
 "timestamp": "2026-02-23T02:55:13Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K7.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K7.hujson
similarity index 90%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K7.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K7.hujson
index 0d244702..a1de9767 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K7.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K7.hujson
@@ -1,3 +1,8 @@
+// GRANT-K7
+//
+// Grant: src=['*'] dst=['autogroup:danger-all'] ip=['tcp:22']
+//
+// Expected: Error (HTTP 400) — cannot use autogroup:danger-all as a dst
 {
 "test_id": "GRANT-K7",
 "description": "",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K8.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K8.hujson
similarity index 89%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K8.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K8.hujson
index 1316d682..0107edd3 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K8.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K8.hujson
@@ -1,3 +1,8 @@
+// GRANT-K8
+//
+// Grant: src=['autogroup:danger-all'] dst=['autogroup:danger-all'] ip=['*']
+//
+// Expected: Error (HTTP 400) — cannot use autogroup:danger-all as a dst
 {
 "test_id": "GRANT-K8",
 "description": "",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-K9.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-K9.hujson
similarity index 89%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-K9.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-K9.hujson
index 4488362b..61b9601d 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-K9.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-K9.hujson
@@ -1,3 +1,8 @@
+// GRANT-K9
+//
+// Grant: src=['*'] dst=['*'] app={tailscale.com/cap/ingress}
+//
+// Expected: Error (HTTP 400) — capability name must not be in the tailscale.com domain
 {
 "test_id": "GRANT-K9",
 "description": "",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_1.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P01_1.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P01_1.hujson
index 7dee1d31..1ea6de3e 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_1.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_1.hujson
@@ -1,3 +1,8 @@
+// GRANT-P01_1
+//
+// Grant: src=['*'] dst=['*'] ip=['*']
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-P01_1",
 "timestamp": "2026-02-23T00:42:55Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_2.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P01_2.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P01_2.hujson
index d4bc423b..e822a619 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_2.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_2.hujson
@@ -1,3 +1,8 @@
+// GRANT-P01_2
+//
+// Grant: src=['100.90.199.68'] dst=['*'] ip=['*']
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-P01_2",
 "timestamp": "2026-02-23T00:43:12Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_3.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P01_3.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P01_3.hujson
index e5f87a46..02eabb4c 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_3.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_3.hujson
@@ -1,3 +1,8 @@
+// GRANT-P01_3
+//
+// Grant: src=['100.64.0.0/16'] dst=['*'] ip=['*']
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-P01_3",
 "timestamp": "2026-02-23T00:43:29Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_4.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P01_4.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P01_4.hujson
index 48bea17a..b16ccf55 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_4.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_4.hujson
@@ -1,3 +1,8 @@
+// GRANT-P01_4
+//
+// Grant: src=['*'] dst=['100.108.74.26'] ip=['*']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P01_4",
 "timestamp": "2026-02-23T00:43:46Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_5.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_5.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P01_5.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P01_5.hujson
index c488c244..4d21fc0f 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_5.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P01_5.hujson
@@ -1,3 +1,8 @@
+// GRANT-P01_5
+//
+// Grant: src=['*'] dst=['100.64.0.0/12'] ip=['*']
+//
+// Expected: No filter rules on any node
 {
 "test_id": "GRANT-P01_5",
 "timestamp": "2026-02-23T00:44:03Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_1.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P02_1.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P02_1.hujson
index f755a16f..5bab5b8a 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_1.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_1.hujson
@@ -1,3 +1,8 @@
+// GRANT-P02_1
+//
+// Grant: src=['kratail2tid@passkey'] dst=['*'] ip=['*']
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-P02_1",
 "timestamp": "2026-02-23T00:44:20Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_2.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P02_2.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P02_2.hujson
index 0bec0df2..9ebee3a9 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_2.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_2.hujson
@@ -1,3 +1,8 @@
+// GRANT-P02_2
+//
+// Grant: src=['*'] dst=['kratail2tid@passkey'] ip=['*']
+//
+// Expected: Rules on user1
 {
 "test_id": "GRANT-P02_2",
 "timestamp": "2026-02-23T00:44:36Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_3.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P02_3.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P02_3.hujson
index 019873ee..0ca99c53 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_3.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_3.hujson
@@ -1,3 +1,8 @@
+// GRANT-P02_3
+//
+// Grant: src=['group:admins'] dst=['*'] ip=['*']
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-P02_3",
 "timestamp": "2026-02-23T00:44:53Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_4.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P02_4.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P02_4.hujson
index a7abad0a..12b46fe9 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_4.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_4.hujson
@@ -1,3 +1,8 @@
+// GRANT-P02_4
+//
+// Grant: src=['*'] dst=['group:admins'] ip=['*']
+//
+// Expected: Rules on user1
 {
 "test_id": "GRANT-P02_4",
 "timestamp": "2026-02-23T00:45:10Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_5_CORRECT.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_5_CORRECT.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P02_5_CORRECT.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P02_5_CORRECT.hujson
index 16d5d811..a9cfccd2 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_5_CORRECT.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_5_CORRECT.hujson
@@ -1,3 +1,10 @@
+// GRANT-P02_5_CORRECT
+//
+// Grants:
+// src=['tag:client'] dst=['tag:server'] ip=['22']
+// src=['tag:client'] dst=['tag:prod'] ip=['5432']
+//
+// Expected: Rules on tagged-prod, tagged-server
 {
 "test_id": "GRANT-P02_5_CORRECT",
 "timestamp": "2026-02-23T00:45:26Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_5_NAIVE.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_5_NAIVE.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P02_5_NAIVE.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P02_5_NAIVE.hujson
index c0fe29ae..70b5d404 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_5_NAIVE.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P02_5_NAIVE.hujson
@@ -1,3 +1,8 @@
+// GRANT-P02_5_NAIVE
+//
+// Grant: src=['tag:client'] dst=['tag:server', 'tag:prod'] ip=['22', '5432']
+//
+// Expected: Rules on tagged-prod, tagged-server
 {
 "test_id": "GRANT-P02_5_NAIVE",
 "timestamp": "2026-02-23T00:45:42Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P03_1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P03_1.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P03_1.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P03_1.hujson
index 20b9bfb3..e3510f42 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P03_1.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P03_1.hujson
@@ -1,3 +1,8 @@
+// GRANT-P03_1
+//
+// Grant: src=['tag:client'] dst=['*'] ip=['*']
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-P03_1",
 "timestamp": "2026-02-23T00:45:58Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P03_2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P03_2.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P03_2.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P03_2.hujson
index fae2ec59..147bece0 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P03_2.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P03_2.hujson
@@ -1,3 +1,8 @@
+// GRANT-P03_2
+//
+// Grant: src=['*'] dst=['tag:server'] ip=['22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P03_2",
 "timestamp": "2026-02-23T00:46:15Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P03_3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P03_3.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P03_3.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P03_3.hujson
index f22afd32..5a81aa73 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P03_3.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P03_3.hujson
@@ -1,3 +1,8 @@
+// GRANT-P03_3
+//
+// Grant: src=['tag:client'] dst=['tag:server'] ip=['22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P03_3",
 "timestamp": "2026-02-23T00:46:32Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P03_4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P03_4.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P03_4.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P03_4.hujson
index 85eeb0ad..a17a48c9 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P03_4.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P03_4.hujson
@@ -1,3 +1,8 @@
+// GRANT-P03_4
+//
+// Grant: src=['tag:client', 'tag:prod'] dst=['tag:server'] ip=['22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P03_4",
 "timestamp": "2026-02-23T00:46:49Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P04_1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P04_1.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P04_1.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P04_1.hujson
index 80014984..794f7fa7 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P04_1.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P04_1.hujson
@@ -1,3 +1,8 @@
+// GRANT-P04_1
+//
+// Grant: src=['autogroup:member'] dst=['*'] ip=['*']
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-P04_1",
 "timestamp": "2026-02-23T00:47:06Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P04_2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P04_2.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P04_2.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P04_2.hujson
index 4f3d8792..7fec4353 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P04_2.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P04_2.hujson
@@ -1,3 +1,8 @@
+// GRANT-P04_2
+//
+// Grant: src=['autogroup:tagged'] dst=['*'] ip=['*']
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-P04_2",
 "timestamp": "2026-02-23T00:47:22Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P04_3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P04_3.hujson
similarity index 89%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P04_3.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P04_3.hujson
index 8508e5b1..e85f12ce 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P04_3.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P04_3.hujson
@@ -1,3 +1,8 @@
+// GRANT-P04_3
+//
+// Grant: src=['*'] dst=['autogroup:self'] ip=['*']
+//
+// Expected: Error (HTTP 400) — autogroup:self can only be used with users, groups, or supported autogroups
 {
 "test_id": "GRANT-P04_3",
 "description": "",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P04_4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P04_4.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P04_4.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P04_4.hujson
index 1d3cd8c7..8644469a 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P04_4.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P04_4.hujson
@@ -1,3 +1,8 @@
+// GRANT-P04_4
+//
+// Grant: src=['*'] dst=['autogroup:internet'] ip=['*']
+//
+// Expected: No filter rules on any node
 {
 "test_id": "GRANT-P04_4",
 "timestamp": "2026-02-23T00:47:40Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P05_1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P05_1.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P05_1.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P05_1.hujson
index ab6db23c..a60f748b 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P05_1.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P05_1.hujson
@@ -1,3 +1,8 @@
+// GRANT-P05_1
+//
+// Grant: src=['*'] dst=['webserver'] ip=['80']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P05_1",
 "timestamp": "2026-02-23T00:47:56Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P05_2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P05_2.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P05_2.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P05_2.hujson
index 97fe9ef7..d6a5b35b 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P05_2.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P05_2.hujson
@@ -1,3 +1,8 @@
+// GRANT-P05_2
+//
+// Grant: src=['webserver'] dst=['*'] ip=['*']
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-P05_2",
 "timestamp": "2026-02-23T00:48:13Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P05_3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P05_3.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P05_3.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P05_3.hujson
index 97f65e04..20e6fb1c 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P05_3.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P05_3.hujson
@@ -1,3 +1,8 @@
+// GRANT-P05_3
+//
+// Grant: src=['internal'] dst=['*'] ip=['*']
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-P05_3",
 "timestamp": "2026-02-23T00:48:30Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_1.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P06_1.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P06_1.hujson
index ad234b10..ab58ee1d 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_1.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_1.hujson
@@ -1,3 +1,8 @@
+// GRANT-P06_1
+//
+// Grant: src=['*'] dst=['tag:server'] ip=['tcp:22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P06_1",
 "timestamp": "2026-02-23T00:48:47Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_2.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P06_2.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P06_2.hujson
index 86b25e4b..fca9ad47 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_2.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_2.hujson
@@ -1,3 +1,8 @@
+// GRANT-P06_2
+//
+// Grant: src=['*'] dst=['tag:server'] ip=['udp:53']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P06_2",
 "timestamp": "2026-02-23T00:49:03Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_3.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P06_3.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P06_3.hujson
index a47a227b..32bcb8f4 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_3.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_3.hujson
@@ -1,3 +1,8 @@
+// GRANT-P06_3
+//
+// Grant: src=['*'] dst=['tag:server'] ip=['*']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P06_3",
 "timestamp": "2026-02-23T00:49:20Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_4.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P06_4.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P06_4.hujson
index c4db4e14..ce5816f5 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_4.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_4.hujson
@@ -1,3 +1,8 @@
+// GRANT-P06_4
+//
+// Grant: src=['*'] dst=['tag:server'] ip=['22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P06_4",
 "timestamp": "2026-02-23T00:49:37Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_5.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_5.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P06_5.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P06_5.hujson
index 147ae7b4..d81f711d 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_5.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_5.hujson
@@ -1,3 +1,8 @@
+// GRANT-P06_5
+//
+// Grant: src=['*'] dst=['tag:server'] ip=['80-443']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P06_5",
 "timestamp": "2026-02-23T00:49:55Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_6.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_6.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P06_6.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P06_6.hujson
index 7dd5fe53..da7f83d8 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_6.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_6.hujson
@@ -1,3 +1,8 @@
+// GRANT-P06_6
+//
+// Grant: src=['*'] dst=['tag:server'] ip=['22', '80', '443']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P06_6",
 "timestamp": "2026-02-23T00:50:11Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_7.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_7.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P06_7.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P06_7.hujson
index ea896910..6f0c83f6 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_7.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P06_7.hujson
@@ -1,3 +1,8 @@
+// GRANT-P06_7
+//
+// Grant: src=['*'] dst=['tag:server'] ip=['*']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P06_7",
 "timestamp": "2026-02-23T00:50:27Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_1.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P08_1.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P08_1.hujson
index 3b31e58e..f7b31995 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_1.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_1.hujson
@@ -1,3 +1,10 @@
+// GRANT-P08_1
+//
+// Grants:
+// src=['tag:client'] dst=['tag:server'] ip=['22']
+// src=['tag:client'] dst=['tag:server'] ip=['80', '443']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P08_1",
 "timestamp": "2026-02-23T00:50:53Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_2.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P08_2.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P08_2.hujson
index 7400d268..73d7812c 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_2.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_2.hujson
@@ -1,3 +1,11 @@
+// GRANT-P08_2
+//
+// Grants:
+// src=['tag:client'] dst=['tag:server'] ip=['22']
+// src=['tag:client'] dst=['tag:server'] ip=['80', '443']
+// src=['*'] dst=['tag:server'] ip=['udp:53']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P08_2",
 "timestamp": "2026-02-23T00:51:09Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_3.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P08_3.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P08_3.hujson
index 66afd33b..03e308b8 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_3.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_3.hujson
@@ -1,3 +1,8 @@
+// GRANT-P08_3
+//
+// Grant: src=['group:empty'] dst=['*'] ip=['*']
+//
+// Expected: No filter rules on any node
 {
 "test_id": "GRANT-P08_3",
 "timestamp": "2026-02-23T00:51:25Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_4.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P08_4.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P08_4.hujson
index 4fd8c45a..e74a5b0b 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_4.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_4.hujson
@@ -1,3 +1,11 @@
+// GRANT-P08_4
+//
+// Grants:
+// src=['tag:client'] dst=['tag:server'] ip=['22']
+// src=['tag:client'] dst=['tag:server'] ip=['80']
+// src=['tag:client'] dst=['tag:server'] ip=['443']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P08_4",
 "timestamp": "2026-02-23T00:51:42Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_5.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_5.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P08_5.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P08_5.hujson
index 8ce797c3..6a5b168f 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_5.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_5.hujson
@@ -1,3 +1,11 @@
+// GRANT-P08_5
+//
+// Grants:
+// src=['tag:client'] dst=['tag:server'] ip=['22']
+// src=['tag:prod'] dst=['tag:server'] ip=['22']
+// src=['tag:router'] dst=['tag:server'] ip=['22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P08_5",
 "timestamp": "2026-02-23T00:51:58Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_6.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_6.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P08_6.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P08_6.hujson
index fa78c8c1..dfcd289c 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_6.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_6.hujson
@@ -1,3 +1,10 @@
+// GRANT-P08_6
+//
+// Grants:
+// src=['tag:client'] dst=['tag:server'] ip=['22']
+// src=['*'] dst=['tag:server'] ip=['80']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P08_6",
 "timestamp": "2026-02-23T00:52:14Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_7.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_7.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P08_7.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P08_7.hujson
index f80213dc..31f300e0 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_7.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_7.hujson
@@ -1,3 +1,10 @@
+// GRANT-P08_7
+//
+// Grants:
+// src=['*'] dst=['*'] ip=['*']
+// src=['tag:client'] dst=['tag:server'] ip=['22']
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-P08_7",
 "timestamp": "2026-02-23T00:52:30Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_8.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_8.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P08_8.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P08_8.hujson
index fd8bf7ba..cf8f64e0 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_8.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P08_8.hujson
@@ -1,3 +1,8 @@
+// GRANT-P08_8
+//
+// Grant: src=['*'] dst=['10.0.0.0/8'] ip=['22']
+//
+// Expected: Rules on subnet-router
 {
 "test_id": "GRANT-P08_8",
 "timestamp": "2026-02-23T00:52:47Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10A.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10A.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10A.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10A.hujson
index 65c274a8..322a75b2 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10A.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10A.hujson
@@ -1,3 +1,10 @@
+// GRANT-P09_10A
+//
+// Grants:
+// src=['autogroup:member'] dst=['tag:server'] ip=['22']
+// src=['tag:client'] dst=['group:admins'] ip=['80']
+//
+// Expected: Rules on tagged-server, user1
 {
 "test_id": "GRANT-P09_10A",
 "timestamp": "2026-02-23T00:53:03Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10B.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10B.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10B.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10B.hujson
index 022d2ffc..fd1b6bc9 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10B.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10B.hujson
@@ -1,3 +1,10 @@
+// GRANT-P09_10B
+//
+// Grants:
+// src=['group:admins'] dst=['*'] ip=['*']
+// src=['autogroup:tagged'] dst=['*'] ip=['*']
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-P09_10B",
 "timestamp": "2026-02-23T00:53:19Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10C.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10C.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10C.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10C.hujson
index 6c36ebc0..0d465430 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10C.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10C.hujson
@@ -1,3 +1,11 @@
+// GRANT-P09_10C
+//
+// Grants:
+// src=['*'] dst=['tag:server'] ip=['22']
+// src=['tag:client'] dst=['tag:server'] ip=['80']
+// src=['autogroup:member'] dst=['tag:server'] ip=['443']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P09_10C",
 "timestamp": "2026-02-23T00:53:35Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10D.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10D.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10D.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10D.hujson
index 26bc9a5d..bd6a7240 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10D.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_10D.hujson
@@ -1,3 +1,10 @@
+// GRANT-P09_10D
+//
+// Grants:
+// src=['tag:client', 'tag:prod'] dst=['tag:server'] ip=['22']
+// src=['autogroup:member', 'group:admins'] dst=['tag:router'] ip=['5432']
+//
+// Expected: Rules on subnet-router, tagged-server
 {
 "test_id": "GRANT-P09_10D",
 "timestamp": "2026-02-23T00:53:52Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11A.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11A.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11A.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11A.hujson
index 663365bf..b9ed5ec1 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11A.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11A.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_11A
+//
+// Grant: src=['autogroup:member', 'tag:client'] dst=['tag:server'] ip=['22', '80', '443']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P09_11A",
 "timestamp": "2026-02-23T00:54:08Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11B.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11B.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11B.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11B.hujson
index 9fd6b7b7..3a1dba6d 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11B.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11B.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_11B
+//
+// Grant: src=['group:admins', 'webserver'] dst=['tag:server'] ip=['80-443']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P09_11B",
 "timestamp": "2026-02-23T00:54:24Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11C_NAIVE.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11C_NAIVE.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11C_NAIVE.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11C_NAIVE.hujson
index 9b2cbb45..a55e663b 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11C_NAIVE.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11C_NAIVE.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_11C_NAIVE
+//
+// Grant: src=['tag:client', 'tag:prod'] dst=['tag:server', 'tag:router'] ip=['22', '80-443', '5432', '3306']
+//
+// Expected: Rules on subnet-router, tagged-server
 {
 "test_id": "GRANT-P09_11C_NAIVE",
 "timestamp": "2026-02-23T00:54:41Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11D.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11D.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11D.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11D.hujson
index 4543e9ba..36eaf9da 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11D.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_11D.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_11D
+//
+// Grant: src=['autogroup:tagged', 'autogroup:member'] dst=['tag:server', 'tag:router'] ip=['*', '5432']
+//
+// Expected: Rules on subnet-router, tagged-server
 {
 "test_id": "GRANT-P09_11D",
 "timestamp": "2026-02-23T00:54:57Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_12A.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_12A.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_12A.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_12A.hujson
index d0902b0b..2d8ac6cf 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_12A.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_12A.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_12A
+//
+// Grant: src=['internal', 'tag:client'] dst=['tag:server'] ip=['22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P09_12A",
 "timestamp": "2026-02-23T00:55:13Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_12B.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_12B.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_12B.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_12B.hujson
index 3266838d..a0170994 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_12B.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_12B.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_12B
+//
+// Grant: src=['tag:client'] dst=['internal', 'tag:server'] ip=['22', '80']
+//
+// Expected: Rules on subnet-router, tagged-server
 {
 "test_id": "GRANT-P09_12B",
 "timestamp": "2026-02-23T00:55:30Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13A.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13A.hujson
similarity index 89%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13A.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13A.hujson
index 047b073e..e77a2614 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13A.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13A.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_13A
+//
+// Grant: src=['*'] dst=['autogroup:self'] ip=['*']
+//
+// Expected: Error (HTTP 400) — autogroup:self can only be used with users, groups, or supported autogroups
 {
 "test_id": "GRANT-P09_13A",
 "description": "",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13B.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13B.hujson
similarity index 89%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13B.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13B.hujson
index f215741a..40bb1ddd 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13B.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13B.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_13B
+//
+// Grant: src=['*'] dst=['autogroup:self'] ip=['22']
+//
+// Expected: Error (HTTP 400) — autogroup:self can only be used with users, groups, or supported autogroups
 {
 "test_id": "GRANT-P09_13B",
 "description": "",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13C.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13C.hujson
similarity index 88%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13C.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13C.hujson
index 30c256ec..e0104fb7 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13C.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13C.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_13C
+//
+// Grant: src=['*'] dst=['autogroup:self'] ip=['22', '80', '443']
+//
+// Expected: Error (HTTP 400) — autogroup:self can only be used with users, groups, or supported autogroups
 {
 "test_id": "GRANT-P09_13C",
 "description": "",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13D.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13D.hujson
similarity index 88%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13D.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13D.hujson
index 17115378..a8ffb71c 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13D.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13D.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_13D
+//
+// Grant: src=['*'] dst=['autogroup:self'] ip=['80-443']
+//
+// Expected: Error (HTTP 400) — autogroup:self can only be used with users, groups, or supported autogroups
 {
 "test_id": "GRANT-P09_13D",
 "description": "",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13E.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13E.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13E.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13E.hujson
index f7bb237a..8e308bfa 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13E.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13E.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_13E
+//
+// Grant: src=['autogroup:member'] dst=['autogroup:self'] ip=['*']
+//
+// Expected: Rules on user-kris, user-mon, user1
 {
 "test_id": "GRANT-P09_13E",
 "timestamp": "2026-02-23T00:55:47Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13F.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13F.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13F.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13F.hujson
index d8fd5fe7..b3401e75 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13F.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13F.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_13F
+//
+// Grant: src=['kratail2tid@passkey'] dst=['autogroup:self'] ip=['*']
+//
+// Expected: Rules on user1
 {
 "test_id": "GRANT-P09_13F",
 "timestamp": "2026-02-23T00:56:03Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13G.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13G.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13G.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13G.hujson
index f25ad7c7..4dd17f40 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13G.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13G.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_13G
+//
+// Grant: src=['group:admins'] dst=['autogroup:self'] ip=['*']
+//
+// Expected: Rules on user1
 {
 "test_id": "GRANT-P09_13G",
 "timestamp": "2026-02-23T00:56:19Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13H_CORRECT.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13H_CORRECT.hujson
similarity index 87%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13H_CORRECT.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13H_CORRECT.hujson
index 421964f1..dae9f5ab 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13H_CORRECT.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13H_CORRECT.hujson
@@ -1,3 +1,10 @@
+// GRANT-P09_13H_CORRECT
+//
+// Grants:
+// src=['*'] dst=['autogroup:self'] ip=['*']
+// src=['*'] dst=['tag:server'] ip=['22']
+//
+// Expected: Error (HTTP 400) — autogroup:self can only be used with users, groups, or supported autogroups
 {
 "test_id": "GRANT-P09_13H_CORRECT",
 "description": "",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13H_NAIVE.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13H_NAIVE.hujson
similarity index 88%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13H_NAIVE.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13H_NAIVE.hujson
index 94cdafdd..acab45d3 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13H_NAIVE.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_13H_NAIVE.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_13H_NAIVE
+//
+// Grant: src=['*'] dst=['autogroup:self', 'tag:server'] ip=['*', '22']
+//
+// Expected: Error (HTTP 400) — autogroup:self can only be used with users, groups, or supported autogroups
 {
 "test_id": "GRANT-P09_13H_NAIVE",
 "description": "",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14A.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14A.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14A.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14A.hujson
index 62010f95..a59f6bb8 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14A.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14A.hujson
@@ -1,3 +1,10 @@
+// GRANT-P09_14A
+//
+// Grants:
+// src=['tag:client'] dst=['tag:server'] ip=['22']
+// src=['tag:client'] dst=['tag:server'] ip=['80']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P09_14A",
 "timestamp": "2026-02-23T00:56:36Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14B.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14B.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14B.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14B.hujson
index 6c07faa2..56ccb8bb 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14B.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14B.hujson
@@ -1,3 +1,10 @@
+// GRANT-P09_14B
+//
+// Grants:
+// src=['tag:client'] dst=['tag:server'] ip=['22']
+// src=['tag:prod'] dst=['tag:server'] ip=['22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P09_14B",
 "timestamp": "2026-02-23T00:56:52Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14C.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14C.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14C.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14C.hujson
index 8bb14cdd..6e56d55f 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14C.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14C.hujson
@@ -1,3 +1,10 @@
+// GRANT-P09_14C
+//
+// Grants:
+// src=['*'] dst=['*'] ip=['*']
+// src=['tag:client'] dst=['tag:server'] ip=['22']
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-P09_14C",
 "timestamp": "2026-02-23T00:57:09Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14D.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14D.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14D.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14D.hujson
index f4d97a7a..33fecbe0 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14D.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14D.hujson
@@ -1,3 +1,11 @@
+// GRANT-P09_14D
+//
+// Grants:
+// src=['tag:client'] dst=['tag:server'] ip=['22']
+// src=['tag:prod'] dst=['tag:server'] ip=['80']
+// src=['tag:router'] dst=['tag:server'] ip=['443']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P09_14D",
 "timestamp": "2026-02-23T00:57:25Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14E.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14E.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14E.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14E.hujson
index b7a3b3a1..b7ff46bd 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14E.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14E.hujson
@@ -1,3 +1,11 @@
+// GRANT-P09_14E
+//
+// Grants:
+// src=['tag:client'] dst=['tag:server'] ip=['22']
+// src=['tag:client'] dst=['tag:prod'] ip=['5432']
+// src=['tag:client'] dst=['tag:router'] ip=['80']
+//
+// Expected: Rules on subnet-router, tagged-prod, tagged-server
 {
 "test_id": "GRANT-P09_14E",
 "timestamp": "2026-02-23T00:57:41Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14F.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14F.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14F.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14F.hujson
index d15c2b15..b80b30cf 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14F.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14F.hujson
@@ -1,3 +1,10 @@
+// GRANT-P09_14F
+//
+// Grants:
+// src=['autogroup:tagged'] dst=['*'] ip=['*']
+// src=['autogroup:member'] dst=['*'] ip=['*']
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-P09_14F",
 "timestamp": "2026-02-23T00:57:57Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14G.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14G.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14G.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14G.hujson
index 9ee4b399..d403dbe2 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14G.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14G.hujson
@@ -1,3 +1,10 @@
+// GRANT-P09_14G
+//
+// Grants:
+// src=['autogroup:member', 'group:admins', 'kratail2tid@passkey'] dst=['tag:server'] ip=['22']
+// src=['tag:server', 'webserver', '100.108.74.26'] dst=['group:admins'] ip=['80']
+//
+// Expected: Rules on tagged-server, user1
 {
 "test_id": "GRANT-P09_14G",
 "timestamp": "2026-02-23T00:58:14Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14H.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14H.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14H.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14H.hujson
index 9e6f5264..890cac76 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14H.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14H.hujson
@@ -1,3 +1,10 @@
+// GRANT-P09_14H
+//
+// Grants:
+// src=['tag:client'] dst=['*'] ip=['*']
+// src=['tag:client'] dst=['tag:server'] ip=['22']
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-P09_14H",
 "timestamp": "2026-02-23T00:58:30Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14I.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14I.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14I.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14I.hujson
index 7a892023..bfd63ae1 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14I.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_14I.hujson
@@ -1,3 +1,11 @@
+// GRANT-P09_14I
+//
+// Grants:
+// src=['*'] dst=['tag:server'] ip=['22']
+// src=['*'] dst=['tag:prod'] ip=['5432']
+// src=['*'] dst=['*'] ip=['80']
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-P09_14I",
 "timestamp": "2026-02-23T00:58:46Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1A.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1A.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1A.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1A.hujson
index 3f81a47a..ec7c627b 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1A.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1A.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_1A
+//
+// Grant: src=['autogroup:member', 'tag:client'] dst=['tag:server'] ip=['22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P09_1A",
 "timestamp": "2026-02-23T00:59:02Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1B.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1B.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1B.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1B.hujson
index 8036ad2b..29c365e0 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1B.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1B.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_1B
+//
+// Grant: src=['autogroup:tagged', 'autogroup:member'] dst=['tag:server'] ip=['22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P09_1B",
 "timestamp": "2026-02-23T00:59:19Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1C.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1C.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1C.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1C.hujson
index 9f3f4715..d24b1137 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1C.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1C.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_1C
+//
+// Grant: src=['group:admins', 'tag:client'] dst=['tag:server'] ip=['22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P09_1C",
 "timestamp": "2026-02-23T00:59:35Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1D.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1D.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1D.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1D.hujson
index 38aa290e..9db2c8bd 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1D.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1D.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_1D
+//
+// Grant: src=['kratail2tid@passkey', 'tag:client'] dst=['tag:server'] ip=['22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P09_1D",
 "timestamp": "2026-02-23T00:59:51Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1E.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1E.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1E.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1E.hujson
index fc9f43d7..71811b39 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1E.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_1E.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_1E
+//
+// Grant: src=['100.90.199.68', 'tag:client'] dst=['tag:server'] ip=['22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P09_1E",
 "timestamp": "2026-02-23T01:00:07Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2A_CORRECT.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2A_CORRECT.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2A_CORRECT.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2A_CORRECT.hujson
index 9f654e76..ed7b7cb5 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2A_CORRECT.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2A_CORRECT.hujson
@@ -1,3 +1,10 @@
+// GRANT-P09_2A_CORRECT
+//
+// Grants:
+// src=['tag:client'] dst=['tag:server'] ip=['22']
+// src=['tag:client'] dst=['tag:prod'] ip=['5432']
+//
+// Expected: Rules on tagged-prod, tagged-server
 {
 "test_id": "GRANT-P09_2A_CORRECT",
 "timestamp": "2026-02-23T01:00:24Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2A_NAIVE.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2A_NAIVE.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2A_NAIVE.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2A_NAIVE.hujson
index 11ae75a1..3c34fcb0 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2A_NAIVE.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2A_NAIVE.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_2A_NAIVE
+//
+// Grant: src=['tag:client'] dst=['tag:server', 'tag:prod'] ip=['22', '5432']
+//
+// Expected: Rules on tagged-prod, tagged-server
 {
 "test_id": "GRANT-P09_2A_NAIVE",
 "timestamp": "2026-02-23T01:00:40Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2B_CORRECT.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2B_CORRECT.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2B_CORRECT.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2B_CORRECT.hujson
index fa1e143c..16824ba7 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2B_CORRECT.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2B_CORRECT.hujson
@@ -1,3 +1,10 @@
+// GRANT-P09_2B_CORRECT
+//
+// Grants:
+// src=['tag:client'] dst=['tag:server'] ip=['22']
+// src=['tag:client'] dst=['webserver'] ip=['80']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P09_2B_CORRECT",
 "timestamp": "2026-02-23T01:00:56Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2B_NAIVE.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2B_NAIVE.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2B_NAIVE.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2B_NAIVE.hujson
index ebbe1c1f..a04860b2 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2B_NAIVE.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2B_NAIVE.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_2B_NAIVE
+//
+// Grant: src=['tag:client'] dst=['tag:server', 'webserver'] ip=['22', '80']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P09_2B_NAIVE",
 "timestamp": "2026-02-23T01:01:12Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2C.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2C.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2C.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2C.hujson
index 04925427..d3b85e0e 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2C.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_2C.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_2C
+//
+// Grant: src=['tag:client'] dst=['webserver', 'prodbox'] ip=['22', '5432']
+//
+// Expected: Rules on tagged-prod, tagged-server
 {
 "test_id": "GRANT-P09_2C",
 "timestamp": "2026-02-23T01:01:29Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_3A.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_3A.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_3A.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_3A.hujson
index ec43dbb7..ee98c3e7 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_3A.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_3A.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_3A
+//
+// Grant: src=['tag:server', 'webserver'] dst=['tag:client'] ip=['22']
+//
+// Expected: Rules on tagged-client
 {
 "test_id": "GRANT-P09_3A",
 "timestamp": "2026-02-23T01:01:45Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_3B.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_3B.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_3B.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_3B.hujson
index 99fe507f..f45537d9 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_3B.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_3B.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_3B
+//
+// Grant: src=['autogroup:member', 'kratail2tid@passkey', 'group:admins'] dst=['tag:server'] ip=['22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P09_3B",
 "timestamp": "2026-02-23T01:02:02Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_3C.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_3C.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_3C.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_3C.hujson
index 3abc2559..20b96ae7 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_3C.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_3C.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_3C
+//
+// Grant: src=['tag:client'] dst=['tag:server', 'webserver'] ip=['22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P09_3C",
 "timestamp": "2026-02-23T01:02:18Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4A.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4A.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4A.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4A.hujson
index d233145f..fc34e880 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4A.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4A.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_4A
+//
+// Grant: src=['autogroup:member'] dst=['tag:server'] ip=['22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P09_4A",
 "timestamp": "2026-02-23T01:02:35Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4B.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4B.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4B.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4B.hujson
index 3268d4b5..332bd490 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4B.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4B.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_4B
+//
+// Grant: src=['autogroup:tagged'] dst=['kratail2tid@passkey'] ip=['22']
+//
+// Expected: Rules on user1
 {
 "test_id": "GRANT-P09_4B",
 "timestamp": "2026-02-23T01:02:52Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4C.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4C.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4C.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4C.hujson
index df9f2cc1..4c0e12c4 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4C.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4C.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_4C
+//
+// Grant: src=['group:admins'] dst=['webserver'] ip=['22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P09_4C",
 "timestamp": "2026-02-23T01:03:09Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4D.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4D.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4D.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4D.hujson
index 3800b23c..f2e2a26d 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4D.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4D.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_4D
+//
+// Grant: src=['webserver'] dst=['group:admins'] ip=['22']
+//
+// Expected: Rules on user1
 {
 "test_id": "GRANT-P09_4D",
 "timestamp": "2026-02-23T01:03:26Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4E.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4E.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4E.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4E.hujson
index 324cc166..0d27813d 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4E.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4E.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_4E
+//
+// Grant: src=['autogroup:member'] dst=['autogroup:self'] ip=['*']
+//
+// Expected: Rules on user-kris, user-mon, user1
 {
 "test_id": "GRANT-P09_4E",
 "timestamp": "2026-02-23T01:03:42Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4F.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4F.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4F.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4F.hujson
index 9821d6dc..3be008ef 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4F.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4F.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_4F
+//
+// Grant: src=['100.90.199.68'] dst=['tag:server'] ip=['22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P09_4F",
 "timestamp": "2026-02-23T01:03:58Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4G.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4G.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4G.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4G.hujson
index 0412bec6..3a39ebaf 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4G.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_4G.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_4G
+//
+// Grant: src=['tag:client'] dst=['100.108.74.26'] ip=['22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P09_4G",
 "timestamp": "2026-02-23T01:04:15Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_5A.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_5A.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_5A.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_5A.hujson
index ffb9160a..ee9f1fa2 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_5A.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_5A.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_5A
+//
+// Grant: src=['tag:client', 'tag:prod'] dst=['tag:server'] ip=['22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P09_5A",
 "timestamp": "2026-02-23T01:04:32Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_5B.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_5B.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_5B.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_5B.hujson
index 472ca412..972d5d3f 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_5B.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_5B.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_5B
+//
+// Grant: src=['tag:prod', 'tag:client'] dst=['tag:server'] ip=['22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P09_5B",
 "timestamp": "2026-02-23T01:04:49Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_5C_NAIVE.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_5C_NAIVE.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_5C_NAIVE.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_5C_NAIVE.hujson
index 91ba3fef..b77643a3 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_5C_NAIVE.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_5C_NAIVE.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_5C_NAIVE
+//
+// Grant: src=['tag:client'] dst=['tag:server', 'tag:prod'] ip=['22', '80']
+//
+// Expected: Rules on tagged-prod, tagged-server
 {
 "test_id": "GRANT-P09_5C_NAIVE",
 "timestamp": "2026-02-23T01:05:06Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6A.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6A.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6A.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6A.hujson
index 46db3802..6837efac 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6A.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6A.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_6A
+//
+// Grant: src=['*'] dst=['webserver', 'prodbox'] ip=['22', '5432']
+//
+// Expected: Rules on tagged-prod, tagged-server
 {
 "test_id": "GRANT-P09_6A",
 "timestamp": "2026-02-23T01:05:22Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6B.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6B.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6B.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6B.hujson
index 44ca7696..442e99fb 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6B.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6B.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_6B
+//
+// Grant: src=['group:empty'] dst=['tag:server'] ip=['22']
+//
+// Expected: No filter rules on any node
 {
 "test_id": "GRANT-P09_6B",
 "timestamp": "2026-02-23T01:05:39Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6C.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6C.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6C.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6C.hujson
index 99f8de51..7b7287ac 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6C.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6C.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_6C
+//
+// Grant: src=['internal'] dst=['tag:server'] ip=['22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P09_6C",
 "timestamp": "2026-02-23T01:05:56Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6D.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6D.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6D.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6D.hujson
index a1b8cd3c..8647b546 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6D.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_6D.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_6D
+//
+// Grant: src=['tag:client'] dst=['internal'] ip=['22']
+//
+// Expected: Rules on subnet-router
 {
 "test_id": "GRANT-P09_6D",
 "timestamp": "2026-02-23T01:06:13Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7A.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7A.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7A.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7A.hujson
index 65de3f4e..3ee575f4 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7A.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7A.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_7A
+//
+// Grant: src=['*', 'autogroup:member', 'autogroup:tagged', 'group:admins', 'tag:client', 'webserver', '100.90.199.68'] dst=['tag:server'] ip=['22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P09_7A",
 "timestamp": "2026-02-23T01:06:30Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7B_NAIVE.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7B_NAIVE.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7B_NAIVE.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7B_NAIVE.hujson
index e4a7e26d..c1adef93 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7B_NAIVE.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7B_NAIVE.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_7B_NAIVE
+//
+// Grant: src=['tag:client'] dst=['tag:server', 'tag:prod', 'webserver', 'prodbox', 'group:admins', 'kratail2tid@passkey', '100.108.74.26'] ip=['22', '5432', '80', '443', '8080', '3000', '9000']
+//
+// Expected: Rules on tagged-prod, tagged-server, user1
 {
 "test_id": "GRANT-P09_7B_NAIVE",
 "timestamp": "2026-02-23T01:06:47Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7C.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7C.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7C.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7C.hujson
index 4296bfb7..e629abb9 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7C.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7C.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_7C
+//
+// Grant: src=['autogroup:member', 'autogroup:tagged', 'group:admins', 'group:developers', 'kratail2tid@passkey', 'tag:client', 'tag:prod', 'tag:router', 'webserver', 'prodbox'] dst=['*'] ip=['*']
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-P09_7C",
 "timestamp": "2026-02-23T01:07:03Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7D_NAIVE.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7D_NAIVE.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7D_NAIVE.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7D_NAIVE.hujson
index ad806cdc..b3247fba 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7D_NAIVE.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_7D_NAIVE.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_7D_NAIVE
+//
+// Grant: src=['*'] dst=['tag:server', 'tag:prod', 'tag:client', 'tag:router', 'webserver', 'prodbox'] ip=['22', '80', '443', '5432', '3306', '8080']
+//
+// Expected: Rules on subnet-router, tagged-client, tagged-prod, tagged-server
 {
 "test_id": "GRANT-P09_7D_NAIVE",
 "timestamp": "2026-02-23T01:07:20Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_8A.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_8A.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_8A.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_8A.hujson
index 0f37e367..02f2bfa6 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_8A.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_8A.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_8A
+//
+// Grant: src=['autogroup:member', 'group:admins', 'group:developers', 'kratail2tid@passkey', '100.90.199.68'] dst=['tag:server'] ip=['22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P09_8A",
 "timestamp": "2026-02-23T01:07:38Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_8B.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_8B.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_8B.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_8B.hujson
index 4409621e..1a1bb679 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_8B.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_8B.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_8B
+//
+// Grant: src=['tag:server', 'webserver', '100.108.74.26'] dst=['tag:client'] ip=['22']
+//
+// Expected: Rules on tagged-client
 {
 "test_id": "GRANT-P09_8B",
 "timestamp": "2026-02-23T01:07:54Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_8C.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_8C.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_8C.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_8C.hujson
index 82cb1e90..b9fb5f2b 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_8C.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_8C.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_8C
+//
+// Grant: src=['tag:client'] dst=['tag:server', 'webserver', '100.108.74.26'] ip=['22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-P09_8C",
 "timestamp": "2026-02-23T01:08:11Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_9A.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_9A.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_9A.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_9A.hujson
index 8bf01306..fd0eafe0 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_9A.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_9A.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_9A
+//
+// Grant: src=['tag:server', 'tag:client', 'tag:prod', 'tag:router'] dst=['*'] ip=['*']
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-P09_9A",
 "timestamp": "2026-02-23T01:08:28Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_9B.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_9B.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_9B.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_9B.hujson
index 017dc390..4c3f7a37 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_9B.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_9B.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_9B
+//
+// Grant: src=['*'] dst=['tag:server', 'tag:client', 'tag:prod', 'tag:router'] ip=['22']
+//
+// Expected: Rules on subnet-router, tagged-client, tagged-prod, tagged-server
 {
 "test_id": "GRANT-P09_9B",
 "timestamp": "2026-02-23T01:08:45Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_9C.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_9C.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P09_9C.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P09_9C.hujson
index c04be363..948408cf 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_9C.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P09_9C.hujson
@@ -1,3 +1,8 @@
+// GRANT-P09_9C
+//
+// Grant: src=['autogroup:member', 'autogroup:tagged'] dst=['*'] ip=['*']
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-P09_9C",
 "timestamp": "2026-02-23T01:09:02Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P10_1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P10_1.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P10_1.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P10_1.hujson
index 15eaa859..f189cda5 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P10_1.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P10_1.hujson
@@ -1,3 +1,8 @@
+// GRANT-P10_1
+//
+// Grant: src=['*'] dst=['*'] ip=['*']
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-P10_1",
 "timestamp": "2026-02-23T01:09:19Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P10_2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P10_2.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P10_2.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P10_2.hujson
index be277a9a..9cf6d5e6 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P10_2.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P10_2.hujson
@@ -1,3 +1,8 @@
+// GRANT-P10_2
+//
+// Grant: src=['tag:router'] dst=['tag:router'] ip=['*']
+//
+// Expected: Rules on subnet-router
 {
 "test_id": "GRANT-P10_2",
 "timestamp": "2026-02-23T01:09:36Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P10_3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P10_3.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P10_3.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P10_3.hujson
index 1090c1f4..de225cd9 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P10_3.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P10_3.hujson
@@ -1,3 +1,8 @@
+// GRANT-P10_3
+//
+// Grant: src=['*'] dst=['10.33.0.0/16'] ip=['*']
+//
+// Expected: Rules on subnet-router
 {
 "test_id": "GRANT-P10_3",
 "timestamp": "2026-02-23T01:09:53Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P10_4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P10_4.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P10_4.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P10_4.hujson
index a864c904..833d18bd 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P10_4.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P10_4.hujson
@@ -1,3 +1,8 @@
+// GRANT-P10_4
+//
+// Grant: src=['autogroup:member'] dst=['10.33.0.0/16'] ip=['*']
+//
+// Expected: Rules on subnet-router
 {
 "test_id": "GRANT-P10_4",
 "timestamp": "2026-02-23T01:10:09Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P11_1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P11_1.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P11_1.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P11_1.hujson
index 9d682987..0377eedf 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P11_1.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P11_1.hujson
@@ -1,3 +1,8 @@
+// GRANT-P11_1
+//
+// Grant: src=['*'] dst=['*'] ip=['*']
+//
+// Expected: Rules on 8 nodes
 {
 "test_id": "GRANT-P11_1",
 "timestamp": "2026-02-23T01:10:26Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P11_2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P11_2.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P11_2.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P11_2.hujson
index 361157ee..9383a413 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P11_2.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P11_2.hujson
@@ -1,3 +1,8 @@
+// GRANT-P11_2
+//
+// Grant: src=['tag:exit'] dst=['tag:exit'] ip=['*']
+//
+// Expected: Rules on exit-node
 {
 "test_id": "GRANT-P11_2",
 "timestamp": "2026-02-23T01:10:43Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P11_3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P11_3.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P11_3.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P11_3.hujson
index e3be84f8..90fcdaec 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P11_3.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P11_3.hujson
@@ -1,3 +1,8 @@
+// GRANT-P11_3
+//
+// Grant: src=['autogroup:member'] dst=['autogroup:internet'] ip=['*']
+//
+// Expected: No filter rules on any node
 {
 "test_id": "GRANT-P11_3",
 "timestamp": "2026-02-23T01:11:00Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P13_1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P13_1.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P13_1.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P13_1.hujson
index a9853249..b25ad760 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P13_1.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P13_1.hujson
@@ -1,3 +1,8 @@
+// GRANT-P13_1
+//
+// Grant: src=['autogroup:member'] dst=['10.33.0.0/16'] ip=['22']
+//
+// Expected: Rules on subnet-router
 {
 "test_id": "GRANT-P13_1",
 "timestamp": "2026-02-23T01:11:17Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P13_2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P13_2.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P13_2.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P13_2.hujson
index 5ed7a60b..60614ac1 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P13_2.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P13_2.hujson
@@ -1,3 +1,8 @@
+// GRANT-P13_2
+//
+// Grant: src=['*'] dst=['10.33.0.0/16'] ip=['80-443']
+//
+// Expected: Rules on subnet-router
 {
 "test_id": "GRANT-P13_2",
 "timestamp": "2026-02-23T01:11:34Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P13_3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P13_3.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P13_3.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P13_3.hujson
index 12a9f94e..d3810bbe 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P13_3.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P13_3.hujson
@@ -1,3 +1,8 @@
+// GRANT-P13_3
+//
+// Grant: src=['*'] dst=['10.33.0.0/16'] ip=['22', '80', '443']
+//
+// Expected: Rules on subnet-router
 {
 "test_id": "GRANT-P13_3",
 "timestamp": "2026-02-23T01:11:50Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P13_4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P13_4.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P13_4.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P13_4.hujson
index 7b24e60e..75eea7e4 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P13_4.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P13_4.hujson
@@ -1,3 +1,8 @@
+// GRANT-P13_4
+//
+// Grant: src=['10.33.0.0/16'] dst=['autogroup:member'] ip=['*']
+//
+// Expected: Rules on user-kris, user-mon, user1
 {
 "test_id": "GRANT-P13_4",
 "timestamp": "2026-02-23T01:12:07Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_1.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_1.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P15_1.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P15_1.hujson
index 49a66270..f5d18333 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_1.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_1.hujson
@@ -1,3 +1,8 @@
+// GRANT-P15_1
+//
+// Grant: src=['autogroup:member'] dst=['10.33.1.0/24'] ip=['22']
+//
+// Expected: Rules on subnet-router
 {
 "test_id": "GRANT-P15_1",
 "timestamp": "2026-02-23T01:12:24Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_2.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_2.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P15_2.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P15_2.hujson
index 9baf31ee..3ba8a535 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_2.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_2.hujson
@@ -1,3 +1,8 @@
+// GRANT-P15_2
+//
+// Grant: src=['autogroup:member'] dst=['10.1.0.0/16'] ip=['22']
+//
+// Expected: No filter rules on any node
 {
 "test_id": "GRANT-P15_2",
 "timestamp": "2026-02-23T01:12:41Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_3.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_3.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P15_3.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P15_3.hujson
index 7dd00200..bd5a02dd 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_3.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_3.hujson
@@ -1,3 +1,8 @@
+// GRANT-P15_3
+//
+// Grant: src=['autogroup:member'] dst=['10.32.0.0/14'] ip=['22']
+//
+// Expected: Rules on subnet-router
 {
 "test_id": "GRANT-P15_3",
 "timestamp": "2026-02-23T01:12:57Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_4.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_4.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P15_4.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P15_4.hujson
index 6d9ba03d..435e4dcd 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_4.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_4.hujson
@@ -1,3 +1,8 @@
+// GRANT-P15_4
+//
+// Grant: src=['autogroup:member'] dst=['8.8.8.0/24'] ip=['53']
+//
+// Expected: No filter rules on any node
 {
 "test_id": "GRANT-P15_4",
 "timestamp": "2026-02-23T01:13:14Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_5.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_5.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P15_5.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P15_5.hujson
index defa3543..5ea036aa 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_5.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_5.hujson
@@ -1,3 +1,8 @@
+// GRANT-P15_5
+//
+// Grant: src=['autogroup:member'] dst=['10.32.0.100/32'] ip=['80']
+//
+// Expected: No filter rules on any node
 {
 "test_id": "GRANT-P15_5",
 "timestamp": "2026-02-23T01:13:31Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_6.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_6.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-P15_6.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-P15_6.hujson
index 625d6f4a..4bf25f56 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_6.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-P15_6.hujson
@@ -1,3 +1,8 @@
+// GRANT-P15_6
+//
+// Grant: src=['autogroup:member'] dst=['fd00:1::/64'] ip=['443']
+//
+// Expected: No filter rules on any node
 {
 "test_id": "GRANT-P15_6",
 "timestamp": "2026-02-23T01:13:48Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V01.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V01.hujson
similarity index 90%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V01.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V01.hujson
index c467cb5e..845fc0f2 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V01.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V01.hujson
@@ -1,3 +1,8 @@
+// GRANT-V01
+//
+// Grant: src=['*'] dst=['autogroup:internet'] app={example.com/cap/internet-access}
+//
+// Expected: Error (HTTP 400) — cannot use app grants with autogroup:internet
 {
 "test_id": "GRANT-V01",
 "description": "",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V02.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V02.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V02.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V02.hujson
index b55ac114..e2c4129f 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V02.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V02.hujson
@@ -1,3 +1,8 @@
+// GRANT-V02
+//
+// Grant: src=['*'] dst=['tag:exit'] app={example.com/cap/exit-control}
+//
+// Expected: Rules on exit-node
 {
 "test_id": "GRANT-V02",
 "timestamp": "2026-02-23T15:39:40Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V03.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V03.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V03.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V03.hujson
index b1cb7c50..3c9200ba 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V03.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V03.hujson
@@ -1,3 +1,8 @@
+// GRANT-V03
+//
+// Grant: src=['*'] dst=['tag:router'] app={example.com/cap/router-admin}
+//
+// Expected: Rules on subnet-router
 {
 "test_id": "GRANT-V03",
 "timestamp": "2026-02-23T15:39:49Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V04.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V04.hujson
similarity index 88%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V04.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V04.hujson
index 20cfefc5..ce4f822c 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V04.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V04.hujson
@@ -1,3 +1,8 @@
+// GRANT-V04
+//
+// Grant: src=['*'] dst=['0.0.0.0/0'] app={example.com/cap/global-access}
+//
+// Expected: Error (HTTP 400) — dst "0.0.0.0/0": to allow all IP addresses, use "*" or "autogroup:internet"
 {
 "test_id": "GRANT-V04",
 "description": "",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V05.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V05.hujson
similarity index 89%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V05.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V05.hujson
index 429dd519..2c668c71 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V05.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V05.hujson
@@ -1,3 +1,8 @@
+// GRANT-V05
+//
+// Grant: src=['*'] dst=['::/0'] app={example.com/cap/global-v6}
+//
+// Expected: Error (HTTP 400) — dst "::/0": to allow all IP addresses, use "*" or "autogroup:internet"
 {
 "test_id": "GRANT-V05",
 "description": "",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V06.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V06.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V06.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V06.hujson
index 1acada16..1912e3be 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V06.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V06.hujson
@@ -1,3 +1,8 @@
+// GRANT-V06
+//
+// Grant: src=['*'] dst=['tag:server', 'tag:exit'] app={example.com/cap/multi-dst}
+//
+// Expected: Rules on exit-node, tagged-server
 {
 "test_id": "GRANT-V06",
 "timestamp": "2026-02-23T15:39:59Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V07.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V07.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V07.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V07.hujson
index 824fc4f1..a8fe6464 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V07.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V07.hujson
@@ -1,3 +1,8 @@
+// GRANT-V07
+//
+// Grant: src=['*'] dst=['autogroup:internet'] ip=['tcp:443']
+//
+// Expected: No filter rules on any node
 {
 "test_id": "GRANT-V07",
 "timestamp": "2026-02-23T15:40:09Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V08.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V08.hujson
similarity index 88%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V08.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V08.hujson
index e844c3e2..e0dcda8a 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V08.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V08.hujson
@@ -1,3 +1,8 @@
+// GRANT-V08
+//
+// Grant: src=['*'] dst=['0.0.0.0/0'] ip=['tcp:80', 'tcp:443']
+//
+// Expected: Error (HTTP 400) — dst "0.0.0.0/0": to allow all IP addresses, use "*" or "autogroup:internet"
 {
 "test_id": "GRANT-V08",
 "description": "",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V09.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V09.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V09.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V09.hujson
index 192301f9..700a2127 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V09.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V09.hujson
@@ -1,3 +1,8 @@
+// GRANT-V09
+//
+// Grant: src=['*'] dst=['tag:exit'] ip=['tcp:443'] app={example.com/cap/exit-mixed}
+//
+// Expected: Rules on exit-node
 {
 "test_id": "GRANT-V09",
 "timestamp": "2026-02-23T15:40:19Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V10.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V10.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V10.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V10.hujson
index bd6a9325..19b9b7cf 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V10.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V10.hujson
@@ -1,3 +1,8 @@
+// GRANT-V10
+//
+// Grant: src=['*'] dst=['tag:router'] ip=['tcp:80'] app={example.com/cap/router-mixed}
+//
+// Expected: Rules on subnet-router
 {
 "test_id": "GRANT-V10",
 "timestamp": "2026-02-23T15:40:28Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V11.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V11.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V11.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V11.hujson
index ec8c9ab3..9d74ff03 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V11.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V11.hujson
@@ -1,3 +1,8 @@
+// GRANT-V11
+//
+// Grant: src=['tag:client'] dst=['10.33.0.0/16'] via=['tag:router'] ip=['*']
+//
+// Expected: Rules on subnet-router
 {
 "test_id": "GRANT-V11",
 "timestamp": "2026-02-23T15:40:38Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V12.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V12.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V12.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V12.hujson
index 7ad4c51b..07450de7 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V12.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V12.hujson
@@ -1,3 +1,8 @@
+// GRANT-V12
+//
+// Grant: src=['autogroup:member'] dst=['10.33.0.0/16'] via=['tag:router'] ip=['*']
+//
+// Expected: Rules on subnet-router
 {
 "test_id": "GRANT-V12",
 "timestamp": "2026-02-23T15:40:48Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V13.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V13.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V13.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V13.hujson
index 85e0d058..f45facd3 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V13.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V13.hujson
@@ -1,3 +1,8 @@
+// GRANT-V13
+//
+// Grant: src=['group:developers'] dst=['10.33.0.0/16'] via=['tag:router'] ip=['tcp:80', 'tcp:443']
+//
+// Expected: Rules on subnet-router
 {
 "test_id": "GRANT-V13",
 "timestamp": "2026-02-23T15:40:58Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V14.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V14.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V14.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V14.hujson
index ab02ea1e..bce483a1 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V14.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V14.hujson
@@ -1,3 +1,8 @@
+// GRANT-V14
+//
+// Grant: src=['tag:client'] dst=['autogroup:internet'] via=['tag:exit'] ip=['*']
+//
+// Expected: No filter rules on any node
 {
 "test_id": "GRANT-V14",
 "timestamp": "2026-03-28T11:50:41Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V15.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V15.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V15.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V15.hujson
index ce5e72c9..3315b70b 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V15.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V15.hujson
@@ -1,3 +1,8 @@
+// GRANT-V15
+//
+// Grant: src=['*'] dst=['autogroup:internet'] via=['tag:exit'] ip=['*']
+//
+// Expected: No filter rules on any node
 {
 "test_id": "GRANT-V15",
 "timestamp": "2026-03-28T11:50:55Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V16.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V16.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V16.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V16.hujson
index f9d076d0..01b8592a 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V16.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V16.hujson
@@ -1,3 +1,8 @@
+// GRANT-V16
+//
+// Grant: src=['tag:client', 'autogroup:member'] dst=['autogroup:internet'] via=['tag:exit'] ip=['*']
+//
+// Expected: No filter rules on any node
 {
 "test_id": "GRANT-V16",
 "timestamp": "2026-03-28T11:51:10Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V17.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V17.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V17.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V17.hujson
index 4751548c..02e82863 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V17.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V17.hujson
@@ -1,3 +1,8 @@
+// GRANT-V17
+//
+// Grant: src=['*'] dst=['10.33.0.0/16', '192.168.1.0/24'] via=['tag:router'] ip=['*']
+//
+// Expected: Rules on subnet-router
 {
 "test_id": "GRANT-V17",
 "timestamp": "2026-02-23T15:41:15Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V18.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V18.hujson
similarity index 88%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V18.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V18.hujson
index 0e222d91..2b0d9792 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V18.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V18.hujson
@@ -1,3 +1,8 @@
+// GRANT-V18
+//
+// Grant: src=['*'] dst=['0.0.0.0/0'] via=['tag:exit'] app={example.com/cap/exit-via-app}
+//
+// Expected: Error (HTTP 400) — dst "0.0.0.0/0": to allow all IP addresses, use "*" or "autogroup:internet"
 {
 "test_id": "GRANT-V18",
 "description": "",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V19.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V19.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V19.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V19.hujson
index 65224277..264763a7 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V19.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V19.hujson
@@ -1,3 +1,8 @@
+// GRANT-V19
+//
+// Grant: src=['autogroup:member'] dst=['tag:exit'] app={tailscale.com/cap/drive}
+//
+// Expected: Rules on exit-node, user-kris, user-mon, user1
 {
 "test_id": "GRANT-V19",
 "timestamp": "2026-02-23T15:41:24Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V20.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V20.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V20.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V20.hujson
index cc7f9ed1..e480bb6d 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V20.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V20.hujson
@@ -1,3 +1,8 @@
+// GRANT-V20
+//
+// Grant: src=['autogroup:member'] dst=['tag:router'] app={tailscale.com/cap/kubernetes}
+//
+// Expected: Rules on subnet-router
 {
 "test_id": "GRANT-V20",
 "timestamp": "2026-02-23T15:41:34Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V21.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V21.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V21.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V21.hujson
index 1842269f..97096eed 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V21.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V21.hujson
@@ -1,3 +1,8 @@
+// GRANT-V21
+//
+// Grant: src=['*'] dst=['10.33.0.0/16'] via=['tag:router', 'tag:exit'] ip=['*']
+//
+// Expected: Rules on subnet-router
 {
 "test_id": "GRANT-V21",
 "timestamp": "2026-02-23T15:41:43Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V22.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V22.hujson
similarity index 89%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V22.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V22.hujson
index 6dd281d7..a2221d57 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V22.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V22.hujson
@@ -1,3 +1,8 @@
+// GRANT-V22
+//
+// Grant: src=['autogroup:member'] dst=['autogroup:internet'] ip=['tcp:443'] app={example.com/cap/internet-mixed}
+//
+// Expected: Error (HTTP 400) — cannot use app grants with autogroup:internet
 {
 "test_id": "GRANT-V22",
 "description": "",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V23.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V23.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V23.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V23.hujson
index 802888d3..94ed9506 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V23.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V23.hujson
@@ -1,3 +1,8 @@
+// GRANT-V23
+//
+// Grant: src=['*'] dst=['10.33.0.0/16'] via=['tag:router'] ip=['tcp:22', 'tcp:80', 'tcp:443']
+//
+// Expected: Rules on subnet-router
 {
 "test_id": "GRANT-V23",
 "timestamp": "2026-02-23T15:41:53Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V24.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V24.hujson
similarity index 88%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V24.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V24.hujson
index 59ded751..12fbcf63 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V24.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V24.hujson
@@ -1,3 +1,8 @@
+// GRANT-V24
+//
+// Grant: src=['tag:server'] dst=['autogroup:self'] app={example.com/cap/self-cap}
+//
+// Expected: Error (HTTP 400) — autogroup:self can only be used with users, groups, or supported autogroups
 {
 "test_id": "GRANT-V24",
 "description": "",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V25.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V25.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V25.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V25.hujson
index d0fc2e43..c1e5ce7d 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V25.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V25.hujson
@@ -1,3 +1,8 @@
+// GRANT-V25
+//
+// Grant: src=['autogroup:member'] dst=['autogroup:self'] app={example.com/cap/self-test}
+//
+// Expected: Rules on user-kris, user-mon, user1
 {
 "test_id": "GRANT-V25",
 "timestamp": "2026-02-23T15:42:04Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V26.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V26.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V26.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V26.hujson
index c37975a8..1a928378 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V26.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V26.hujson
@@ -1,3 +1,8 @@
+// GRANT-V26
+//
+// Grant: src=['tag:group-a'] dst=['autogroup:internet'] via=['tag:exit-a'] ip=['*']
+//
+// Expected: No filter rules on any node
 {
 "test_id": "GRANT-V26",
 "timestamp": "2026-03-28T11:51:26Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V27.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V27.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V27.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V27.hujson
index 70307334..93ad3032 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V27.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V27.hujson
@@ -1,3 +1,8 @@
+// GRANT-V27
+//
+// Grant: src=['autogroup:member'] dst=['autogroup:internet'] via=['tag:exit'] ip=['tcp:443']
+//
+// Expected: No filter rules on any node
 {
 "test_id": "GRANT-V27",
 "timestamp": "2026-03-28T11:51:38Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V28.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V28.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V28.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V28.hujson
index e7aa2639..1f363881 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V28.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V28.hujson
@@ -1,3 +1,10 @@
+// GRANT-V28
+//
+// Grants:
+// src=['tag:group-a'] dst=['autogroup:internet'] via=['tag:exit-a'] ip=['*']
+// src=['tag:group-b'] dst=['autogroup:internet'] via=['tag:exit-b'] ip=['*']
+//
+// Expected: No filter rules on any node
 {
 "test_id": "GRANT-V28",
 "timestamp": "2026-03-28T11:51:51Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V29.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V29.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V29.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V29.hujson
index 678016a7..c252c26e 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V29.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V29.hujson
@@ -1,3 +1,15 @@
+// GRANT-V29
+//
+// WARNING: This file is consumed by TWO tests:
+// 1. TestGrantsCompat (hscontrol/policy/v2/) — compares packet_filter_rules
+// 2. TestViaGrantMapCompat (hscontrol/servertest/) — compares netmap structure
+// Do NOT remove the 'netmap' field — it is required by TestViaGrantMapCompat.
+//
+// Grants:
+// src=['tag:group-a'] dst=['10.44.0.0/16'] via=['tag:router-a'] ip=['*']
+// src=['tag:group-b'] dst=['10.55.0.0/16'] via=['tag:router-b'] ip=['*']
+//
+// Expected: Rules on router-a, router-b
 {
 "test_id": "GRANT-V29",
 "timestamp": "2026-03-28T11:52:05Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V30.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V30.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V30.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V30.hujson
index 6d51c6c6..3070d69a 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V30.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V30.hujson
@@ -1,3 +1,17 @@
+// GRANT-V30
+//
+// WARNING: This file is consumed by TWO tests:
+// 1. TestGrantsCompat (hscontrol/policy/v2/) — compares packet_filter_rules
+// 2. TestViaGrantMapCompat (hscontrol/servertest/) — compares netmap structure
+// Do NOT remove the 'netmap' field — it is required by TestViaGrantMapCompat.
+//
+// Grants:
+// src=['tag:group-a'] dst=['10.44.0.0/16'] via=['tag:router-a'] ip=['*']
+// src=['tag:group-a'] dst=['autogroup:internet'] via=['tag:exit-b'] ip=['*']
+// src=['tag:group-b'] dst=['10.55.0.0/16'] via=['tag:router-b'] ip=['*']
+// src=['tag:group-b'] dst=['autogroup:internet'] via=['tag:exit-a'] ip=['*']
+//
+// Expected: Rules on router-a, router-b
 {
 "test_id": "GRANT-V30",
 "timestamp": "2026-03-28T11:52:18Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V31.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V31.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V31.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V31.hujson
index bc5e57e0..8350c5b3 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V31.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V31.hujson
@@ -1,3 +1,16 @@
+// GRANT-V31
+//
+// WARNING: This file is consumed by TWO tests:
+// 1. TestGrantsCompat (hscontrol/policy/v2/) — compares packet_filter_rules
+// 2. TestViaGrantMapCompat (hscontrol/servertest/) — compares netmap structure
+// Do NOT remove the 'netmap' field — it is required by TestViaGrantMapCompat.
+//
+// Grants:
+// src=['tag:exit-a', 'tag:exit-b', 'tag:group-a', 'tag:group-b'] dst=['tag:exit-a', 'tag:exit-b', 'tag:group-a', 'tag:group-b'] ip=['*']
+// src=['tag:group-a'] dst=['autogroup:internet'] via=['tag:exit-a'] ip=['*']
+// src=['tag:group-b'] dst=['autogroup:internet'] via=['tag:exit-b'] ip=['*']
+//
+// Expected: Rules on exit-a, exit-b, group-a-client, group-b-client
 {
 "test_id": "GRANT-V31",
 "timestamp": "2026-03-28T11:52:34Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V32.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V32.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V32.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V32.hujson
index fe187325..e7048e39 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V32.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V32.hujson
@@ -1,3 +1,10 @@
+// GRANT-V32
+//
+// Grants:
+// src=['tag:client'] dst=['autogroup:internet'] via=['tag:exit'] ip=['*']
+// src=['autogroup:member'] dst=['tag:server'] ip=['22']
+//
+// Expected: Rules on tagged-server
 {
 "test_id": "GRANT-V32",
 "timestamp": "2026-03-28T11:52:50Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V33.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V33.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V33.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V33.hujson
index 3b4fe5a3..db29215a 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V33.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V33.hujson
@@ -1,3 +1,10 @@
+// GRANT-V33
+//
+// Grants:
+// src=['tag:client'] dst=['10.33.0.0/16'] via=['tag:router'] ip=['*']
+// src=['tag:client'] dst=['autogroup:internet'] via=['tag:exit'] ip=['*']
+//
+// Expected: Rules on multi-exit-router, subnet-router
 {
 "test_id": "GRANT-V33",
 "timestamp": "2026-03-28T11:53:04Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V34.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V34.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V34.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V34.hujson
index 9f6a1e5a..0c702ece 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V34.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V34.hujson
@@ -1,3 +1,8 @@
+// GRANT-V34
+//
+// Grant: src=['*'] dst=['autogroup:internet'] via=['tag:exit-a', 'tag:exit-b'] ip=['*']
+//
+// Expected: No filter rules on any node
 {
 "test_id": "GRANT-V34",
 "timestamp": "2026-03-28T11:53:16Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V35.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V35.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V35.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V35.hujson
index b41f7531..caa225be 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V35.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V35.hujson
@@ -1,3 +1,8 @@
+// GRANT-V35
+//
+// Grant: src=['tag:client'] dst=['10.99.0.0/16'] via=['tag:router'] ip=['*']
+//
+// Expected: No filter rules on any node
 {
 "test_id": "GRANT-V35",
 "timestamp": "2026-03-28T11:53:31Z",
diff --git a/hscontrol/policy/v2/testdata/grant_results/GRANT-V36.json b/hscontrol/policy/v2/testdata/grant_results/GRANT-V36.hujson
similarity index 99%
rename from hscontrol/policy/v2/testdata/grant_results/GRANT-V36.json
rename to hscontrol/policy/v2/testdata/grant_results/GRANT-V36.hujson
index 7972d1ec..041605c1 100644
--- a/hscontrol/policy/v2/testdata/grant_results/GRANT-V36.json
+++ b/hscontrol/policy/v2/testdata/grant_results/GRANT-V36.hujson
@@ -1,3 +1,18 @@
+// GRANT-V36
+//
+// WARNING: This file is consumed by TWO tests:
+// 1. TestGrantsCompat (hscontrol/policy/v2/) — compares packet_filter_rules
+// 2. TestViaGrantMapCompat (hscontrol/servertest/) — compares netmap structure
+// Do NOT remove the 'netmap' field — it is required by TestViaGrantMapCompat.
+//
+// Grants:
+// src=['tag:group-a', 'tag:group-b', 'tag:exit-a', 'tag:exit-b', 'tag:router-a', 'tag:router-b'] dst=['tag:group-a', 'tag:group-b', 'tag:exit-a', 'tag:exit-b', 'tag:router-a', 'tag:router-b'] ip=['*']
+// src=['tag:group-a'] dst=['10.44.0.0/16'] via=['tag:router-a'] ip=['*']
+// src=['tag:group-b'] dst=['10.55.0.0/16'] via=['tag:router-b'] ip=['*']
+// src=['tag:group-a'] dst=['autogroup:internet'] via=['tag:exit-b'] ip=['*']
+// src=['tag:group-b'] dst=['autogroup:internet'] via=['tag:exit-a'] ip=['*']
+//
+// Expected: Rules on 6 nodes
 {
 "test_id": "GRANT-V36",
 "timestamp": "2026-03-28T11:53:44Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-a1_wildcard_acl_includes_routes_in_srcips.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-a1_wildcard_acl_includes_routes_in_srcips.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-a1_wildcard_acl_includes_routes_in_srcips.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-a1_wildcard_acl_includes_routes_in_srcips.hujson
index 75475d5f..0c8cd603 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-a1_wildcard_acl_includes_routes_in_srcips.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-a1_wildcard_acl_includes_routes_in_srcips.hujson
@@ -1,3 +1,10 @@
+// ROUTES-a1_wildcard_acl_includes_routes_in_srcips
+//
+// ACL: accept: src=['*'] dst=['*:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 12 of 12 nodes
 {
 "test_id": "ROUTES-a1_wildcard_acl_includes_routes_in_srcips",
 "timestamp": "2026-03-17T16:13:48Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-a2_tag_based_acl_excludes_routes.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-a2_tag_based_acl_excludes_routes.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-a2_tag_based_acl_excludes_routes.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-a2_tag_based_acl_excludes_routes.hujson
index 49552317..ecb5f7ec 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-a2_tag_based_acl_excludes_routes.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-a2_tag_based_acl_excludes_routes.hujson
@@ -1,3 +1,10 @@
+// ROUTES-a2_tag_based_acl_excludes_routes
+//
+// ACL: accept: src=['tag:router'] dst=['tag:router:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 3 of 12 nodes
 {
 "test_id": "ROUTES-a2_tag_based_acl_excludes_routes",
 "timestamp": "2026-03-17T16:13:59Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-a3_explicit_subnet_filter_to_router.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-a3_explicit_subnet_filter_to_router.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-a3_explicit_subnet_filter_to_router.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-a3_explicit_subnet_filter_to_router.hujson
index 50d19b0e..348fcfb2 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-a3_explicit_subnet_filter_to_router.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-a3_explicit_subnet_filter_to_router.hujson
@@ -1,3 +1,10 @@
+// ROUTES-a3_explicit_subnet_filter_to_router
+//
+// ACL: accept: src=['*'] dst=['10.33.0.0/16:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-a3_explicit_subnet_filter_to_router",
 "timestamp": "2026-03-17T16:14:20Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-a3b_autogroup_member_to_subnet.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-a3b_autogroup_member_to_subnet.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-a3b_autogroup_member_to_subnet.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-a3b_autogroup_member_to_subnet.hujson
index 1dfec777..7854c89b 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-a3b_autogroup_member_to_subnet.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-a3b_autogroup_member_to_subnet.hujson
@@ -1,3 +1,10 @@
+// ROUTES-a3b_autogroup_member_to_subnet
+//
+// ACL: accept: src=['autogroup:member'] dst=['10.33.0.0/16:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-a3b_autogroup_member_to_subnet",
 "timestamp": "2026-03-17T16:14:10Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-a4_multiple_routes_same_router.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-a4_multiple_routes_same_router.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-a4_multiple_routes_same_router.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-a4_multiple_routes_same_router.hujson
index 21740b1b..8a2071c5 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-a4_multiple_routes_same_router.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-a4_multiple_routes_same_router.hujson
@@ -1,3 +1,10 @@
+// ROUTES-a4_multiple_routes_same_router
+//
+// ACL: accept: src=['*'] dst=['172.16.0.0/24:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 1 of 12 nodes
 {
 "test_id": "ROUTES-a4_multiple_routes_same_router",
 "timestamp": "2026-03-17T16:14:31Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-a5_host_alias_to_subnet.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-a5_host_alias_to_subnet.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-a5_host_alias_to_subnet.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-a5_host_alias_to_subnet.hujson
index ebcb4786..427ef515 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-a5_host_alias_to_subnet.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-a5_host_alias_to_subnet.hujson
@@ -1,3 +1,10 @@
+// ROUTES-a5_host_alias_to_subnet
+//
+// ACL: accept: src=['*'] dst=['internal:22']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-a5_host_alias_to_subnet",
 "timestamp": "2026-03-17T16:14:41Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b10_exit_routes_not_in_primaryroutes.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b10_exit_routes_not_in_primaryroutes.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-b10_exit_routes_not_in_primaryroutes.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-b10_exit_routes_not_in_primaryroutes.hujson
index 0a2fb9a4..3fc1a88c 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b10_exit_routes_not_in_primaryroutes.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b10_exit_routes_not_in_primaryroutes.hujson
@@ -1,3 +1,10 @@
+// ROUTES-b10_exit_routes_not_in_primaryroutes
+//
+// ACL: accept: src=['*'] dst=['*:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 12 of 12 nodes
 {
 "test_id": "ROUTES-b10_exit_routes_not_in_primaryroutes",
 "timestamp": "2026-03-17T16:14:52Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b1_exit_routes_not_in_srcips.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b1_exit_routes_not_in_srcips.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-b1_exit_routes_not_in_srcips.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-b1_exit_routes_not_in_srcips.hujson
index c850a807..000754fb 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b1_exit_routes_not_in_srcips.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b1_exit_routes_not_in_srcips.hujson
@@ -1,3 +1,10 @@
+// ROUTES-b1_exit_routes_not_in_srcips
+//
+// ACL: accept: src=['*'] dst=['*:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 12 of 12 nodes
 {
 "test_id": "ROUTES-b1_exit_routes_not_in_srcips",
 "timestamp": "2026-03-17T16:15:03Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b2_tag_exit_excludes_exit_routes.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b2_tag_exit_excludes_exit_routes.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-b2_tag_exit_excludes_exit_routes.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-b2_tag_exit_excludes_exit_routes.hujson
index f071ba25..d919fefd 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b2_tag_exit_excludes_exit_routes.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b2_tag_exit_excludes_exit_routes.hujson
@@ -1,3 +1,10 @@
+// ROUTES-b2_tag_exit_excludes_exit_routes
+//
+// ACL: accept: src=['tag:exit'] dst=['tag:exit:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-b2_tag_exit_excludes_exit_routes",
 "timestamp": "2026-03-17T16:15:13Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b3_exit_node_advertises_routes.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b3_exit_node_advertises_routes.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-b3_exit_node_advertises_routes.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-b3_exit_node_advertises_routes.hujson
index a857caa2..ceb89c5f 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b3_exit_node_advertises_routes.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b3_exit_node_advertises_routes.hujson
@@ -1,3 +1,10 @@
+// ROUTES-b3_exit_node_advertises_routes
+//
+// ACL: accept: src=['*'] dst=['*:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 12 of 12 nodes
 {
 "test_id": "ROUTES-b3_exit_node_advertises_routes",
 "timestamp": "2026-03-17T16:15:24Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b4_multi_router_has_both_route_types.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b4_multi_router_has_both_route_types.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-b4_multi_router_has_both_route_types.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-b4_multi_router_has_both_route_types.hujson
index ef2c519b..602de1fc 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b4_multi_router_has_both_route_types.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b4_multi_router_has_both_route_types.hujson
@@ -1,3 +1,10 @@
+// ROUTES-b4_multi_router_has_both_route_types
+//
+// ACL: accept: src=['*'] dst=['*:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 12 of 12 nodes
 {
 "test_id": "ROUTES-b4_multi_router_has_both_route_types",
 "timestamp": "2026-03-17T16:15:35Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b5_exit_with_wildcard_dst.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b5_exit_with_wildcard_dst.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-b5_exit_with_wildcard_dst.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-b5_exit_with_wildcard_dst.hujson
index e4bdee3d..8fd5eba9 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b5_exit_with_wildcard_dst.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b5_exit_with_wildcard_dst.hujson
@@ -1,3 +1,10 @@
+// ROUTES-b5_exit_with_wildcard_dst
+//
+// ACL: accept: src=['*'] dst=['*:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 12 of 12 nodes
 {
 "test_id": "ROUTES-b5_exit_with_wildcard_dst",
 "timestamp": "2026-03-17T16:15:45Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b6_exit_node_option_field.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b6_exit_node_option_field.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-b6_exit_node_option_field.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-b6_exit_node_option_field.hujson
index d09f3079..b56a2b67 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b6_exit_node_option_field.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b6_exit_node_option_field.hujson
@@ -1,3 +1,10 @@
+// ROUTES-b6_exit_node_option_field
+//
+// ACL: accept: src=['tag:exit'] dst=['*:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 12 of 12 nodes
 {
 "test_id": "ROUTES-b6_exit_node_option_field",
 "timestamp": "2026-03-17T16:15:56Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b7_multiple_exit_nodes.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b7_multiple_exit_nodes.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-b7_multiple_exit_nodes.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-b7_multiple_exit_nodes.hujson
index 5588fcf4..6a04af57 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b7_multiple_exit_nodes.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b7_multiple_exit_nodes.hujson
@@ -1,3 +1,10 @@
+// ROUTES-b7_multiple_exit_nodes
+//
+// ACL: accept: src=['tag:exit'] dst=['*:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 12 of 12 nodes
 {
 "test_id": "ROUTES-b7_multiple_exit_nodes",
 "timestamp": "2026-03-17T16:16:07Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b8_autogroup_internet_no_filters.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b8_autogroup_internet_no_filters.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-b8_autogroup_internet_no_filters.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-b8_autogroup_internet_no_filters.hujson
index 24a18fbb..c822c632 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b8_autogroup_internet_no_filters.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b8_autogroup_internet_no_filters.hujson
@@ -1,3 +1,10 @@
+// ROUTES-b8_autogroup_internet_no_filters
+//
+// ACL: accept: src=['autogroup:member'] dst=['autogroup:internet:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: No filter rules
 {
 "test_id": "ROUTES-b8_autogroup_internet_no_filters",
 "timestamp": "2026-03-17T16:16:17Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b9_exit_routes_in_allowedips.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b9_exit_routes_in_allowedips.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-b9_exit_routes_in_allowedips.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-b9_exit_routes_in_allowedips.hujson
index 4c0dea3b..e0170774 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-b9_exit_routes_in_allowedips.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-b9_exit_routes_in_allowedips.hujson
@@ -1,3 +1,10 @@
+// ROUTES-b9_exit_routes_in_allowedips
+//
+// ACL: accept: src=['*'] dst=['*:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 12 of 12 nodes
 {
 "test_id": "ROUTES-b9_exit_routes_in_allowedips",
 "timestamp": "2026-03-17T16:16:28Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d10_auto_approval_retroactive.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d10_auto_approval_retroactive.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-d10_auto_approval_retroactive.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-d10_auto_approval_retroactive.hujson
index a2631ae0..e85d53b7 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d10_auto_approval_retroactive.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d10_auto_approval_retroactive.hujson
@@ -1,3 +1,10 @@
+// ROUTES-d10_auto_approval_retroactive
+//
+// ACL: accept: src=['*'] dst=['10.33.0.0/16:443']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-d10_auto_approval_retroactive",
 "timestamp": "2026-03-17T16:16:38Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d11_overlapping_auto_approvers.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d11_overlapping_auto_approvers.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-d11_overlapping_auto_approvers.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-d11_overlapping_auto_approvers.hujson
index 97e94456..ac998d2e 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d11_overlapping_auto_approvers.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d11_overlapping_auto_approvers.hujson
@@ -1,3 +1,10 @@
+// ROUTES-d11_overlapping_auto_approvers
+//
+// ACL: accept: src=['*'] dst=['10.0.0.0/8:80']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-d11_overlapping_auto_approvers",
 "timestamp": "2026-03-17T16:16:49Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d1_basic_route_auto_approval.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d1_basic_route_auto_approval.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-d1_basic_route_auto_approval.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-d1_basic_route_auto_approval.hujson
index 6f70d274..57e2d153 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d1_basic_route_auto_approval.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d1_basic_route_auto_approval.hujson
@@ -1,3 +1,10 @@
+// ROUTES-d1_basic_route_auto_approval
+//
+// ACL: accept: src=['*'] dst=['10.33.0.0/16:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-d1_basic_route_auto_approval",
 "timestamp": "2026-03-17T16:17:00Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d2_nested_prefix_approval.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d2_nested_prefix_approval.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-d2_nested_prefix_approval.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-d2_nested_prefix_approval.hujson
index 53b1e8c6..b6d08854 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d2_nested_prefix_approval.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d2_nested_prefix_approval.hujson
@@ -1,3 +1,10 @@
+// ROUTES-d2_nested_prefix_approval
+//
+// ACL: accept: src=['*'] dst=['10.33.0.0/16:22']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-d2_nested_prefix_approval",
 "timestamp": "2026-03-17T16:17:10Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d3_exact_prefix_approval.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d3_exact_prefix_approval.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-d3_exact_prefix_approval.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-d3_exact_prefix_approval.hujson
index 04d41b79..3cd3c107 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d3_exact_prefix_approval.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d3_exact_prefix_approval.hujson
@@ -1,3 +1,10 @@
+// ROUTES-d3_exact_prefix_approval
+//
+// ACL: accept: src=['*'] dst=['10.33.0.0/16:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-d3_exact_prefix_approval",
 "timestamp": "2026-03-17T16:17:21Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d4_prefix_not_covered.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d4_prefix_not_covered.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-d4_prefix_not_covered.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-d4_prefix_not_covered.hujson
index 22267774..dac6cb98 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d4_prefix_not_covered.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d4_prefix_not_covered.hujson
@@ -1,3 +1,10 @@
+// ROUTES-d4_prefix_not_covered
+//
+// ACL: accept: src=['*'] dst=['192.168.1.0/24:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-d4_prefix_not_covered",
 "timestamp": "2026-03-17T16:17:32Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d5_wrong_tag_not_approved.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d5_wrong_tag_not_approved.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-d5_wrong_tag_not_approved.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-d5_wrong_tag_not_approved.hujson
index fd79becb..2c476859 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d5_wrong_tag_not_approved.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d5_wrong_tag_not_approved.hujson
@@ -1,3 +1,10 @@
+// ROUTES-d5_wrong_tag_not_approved
+//
+// ACL: accept: src=['tag:router'] dst=['192.168.1.0/24:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-d5_wrong_tag_not_approved",
 "timestamp": "2026-03-17T16:17:42Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d6_exit_node_auto_approval.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d6_exit_node_auto_approval.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-d6_exit_node_auto_approval.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-d6_exit_node_auto_approval.hujson
index 58117dca..73820b87 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d6_exit_node_auto_approval.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d6_exit_node_auto_approval.hujson
@@ -1,3 +1,10 @@
+// ROUTES-d6_exit_node_auto_approval
+//
+// ACL: accept: src=['*'] dst=['*:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 12 of 12 nodes
 {
 "test_id": "ROUTES-d6_exit_node_auto_approval",
 "timestamp": "2026-03-17T16:17:53Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d7_exit_auto_approval_wrong_tag.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d7_exit_auto_approval_wrong_tag.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-d7_exit_auto_approval_wrong_tag.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-d7_exit_auto_approval_wrong_tag.hujson
index 7a12b2f9..7b278826 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d7_exit_auto_approval_wrong_tag.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d7_exit_auto_approval_wrong_tag.hujson
@@ -1,3 +1,10 @@
+// ROUTES-d7_exit_auto_approval_wrong_tag
+//
+// ACL: accept: src=['tag:exit'] dst=['*:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 12 of 12 nodes
 {
 "test_id": "ROUTES-d7_exit_auto_approval_wrong_tag",
 "timestamp": "2026-03-17T16:18:04Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d8_auto_approval_acl_interaction.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d8_auto_approval_acl_interaction.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-d8_auto_approval_acl_interaction.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-d8_auto_approval_acl_interaction.hujson
index 44f9adf8..fbea5e78 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d8_auto_approval_acl_interaction.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d8_auto_approval_acl_interaction.hujson
@@ -1,3 +1,10 @@
+// ROUTES-d8_auto_approval_acl_interaction
+//
+// ACL: accept: src=['autogroup:member'] dst=['10.33.0.0/16:22']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-d8_auto_approval_acl_interaction",
 "timestamp": "2026-03-17T16:18:14Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d9_auto_approval_triggers_on_advertise.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d9_auto_approval_triggers_on_advertise.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-d9_auto_approval_triggers_on_advertise.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-d9_auto_approval_triggers_on_advertise.hujson
index b0722e2d..097e7718 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-d9_auto_approval_triggers_on_advertise.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-d9_auto_approval_triggers_on_advertise.hujson
@@ -1,3 +1,10 @@
+// ROUTES-d9_auto_approval_triggers_on_advertise
+//
+// ACL: accept: src=['*'] dst=['10.33.0.0/16:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-d9_auto_approval_triggers_on_advertise",
 "timestamp": "2026-03-17T16:18:25Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-e1_ha_two_routers_same_subnet.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-e1_ha_two_routers_same_subnet.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-e1_ha_two_routers_same_subnet.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-e1_ha_two_routers_same_subnet.hujson
index 2e84bb76..2dc8dece 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-e1_ha_two_routers_same_subnet.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-e1_ha_two_routers_same_subnet.hujson
@@ -1,3 +1,10 @@
+// ROUTES-e1_ha_two_routers_same_subnet
+//
+// ACL: accept: src=['*'] dst=['192.168.1.0/24:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-e1_ha_two_routers_same_subnet",
 "timestamp": "2026-03-17T16:18:36Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-e2_ha_primary_in_allowedips.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-e2_ha_primary_in_allowedips.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-e2_ha_primary_in_allowedips.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-e2_ha_primary_in_allowedips.hujson
index 0247e9d3..8d4d5acc 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-e2_ha_primary_in_allowedips.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-e2_ha_primary_in_allowedips.hujson
@@ -1,3 +1,10 @@
+// ROUTES-e2_ha_primary_in_allowedips
+//
+// ACL: accept: src=['*'] dst=['192.168.1.0/24:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-e2_ha_primary_in_allowedips",
 "timestamp": "2026-03-17T16:18:46Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-e3_ha_secondary_no_route_in_allowedips.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-e3_ha_secondary_no_route_in_allowedips.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-e3_ha_secondary_no_route_in_allowedips.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-e3_ha_secondary_no_route_in_allowedips.hujson
index e711deb1..850f84f6 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-e3_ha_secondary_no_route_in_allowedips.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-e3_ha_secondary_no_route_in_allowedips.hujson
@@ -1,3 +1,10 @@
+// ROUTES-e3_ha_secondary_no_route_in_allowedips
+//
+// ACL: accept: src=['*'] dst=['192.168.1.0/24:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-e3_ha_secondary_no_route_in_allowedips",
 "timestamp": "2026-03-17T16:18:57Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-e4_ha_both_get_filters_host_alias.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-e4_ha_both_get_filters_host_alias.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-e4_ha_both_get_filters_host_alias.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-e4_ha_both_get_filters_host_alias.hujson
index 38b1c38c..cd150c6b 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-e4_ha_both_get_filters_host_alias.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-e4_ha_both_get_filters_host_alias.hujson
@@ -1,3 +1,10 @@
+// ROUTES-e4_ha_both_get_filters_host_alias
+//
+// ACL: accept: src=['*'] dst=['subnet24:22']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-e4_ha_both_get_filters_host_alias",
 "timestamp": "2026-03-17T16:19:07Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-e5_first_advertiser_is_primary.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-e5_first_advertiser_is_primary.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-e5_first_advertiser_is_primary.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-e5_first_advertiser_is_primary.hujson
index 41babe10..c9ca7ed4 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-e5_first_advertiser_is_primary.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-e5_first_advertiser_is_primary.hujson
@@ -1,3 +1,10 @@
+// ROUTES-e5_first_advertiser_is_primary
+//
+// ACL: accept: src=['*'] dst=['192.168.1.0/24:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-e5_first_advertiser_is_primary",
 "timestamp": "2026-03-17T16:19:18Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-f1_filter_on_destination_not_source.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-f1_filter_on_destination_not_source.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-f1_filter_on_destination_not_source.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-f1_filter_on_destination_not_source.hujson
index 256237ec..4c624d5b 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-f1_filter_on_destination_not_source.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-f1_filter_on_destination_not_source.hujson
@@ -1,3 +1,10 @@
+// ROUTES-f1_filter_on_destination_not_source
+//
+// ACL: accept: src=['autogroup:member'] dst=['10.33.0.0/16:22']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-f1_filter_on_destination_not_source",
 "timestamp": "2026-03-17T16:19:29Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-f2_subnet_as_acl_source.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-f2_subnet_as_acl_source.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-f2_subnet_as_acl_source.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-f2_subnet_as_acl_source.hujson
index 86abae9b..1273baa6 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-f2_subnet_as_acl_source.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-f2_subnet_as_acl_source.hujson
@@ -1,3 +1,10 @@
+// ROUTES-f2_subnet_as_acl_source
+//
+// ACL: accept: src=['10.33.0.0/16'] dst=['autogroup:member:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 3 of 12 nodes
 {
 "test_id": "ROUTES-f2_subnet_as_acl_source",
 "timestamp": "2026-03-17T16:19:39Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-f3_wildcard_src_specific_dst.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-f3_wildcard_src_specific_dst.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-f3_wildcard_src_specific_dst.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-f3_wildcard_src_specific_dst.hujson
index 8dd0abe6..d7079826 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-f3_wildcard_src_specific_dst.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-f3_wildcard_src_specific_dst.hujson
@@ -1,3 +1,10 @@
+// ROUTES-f3_wildcard_src_specific_dst
+//
+// ACL: accept: src=['*'] dst=['10.33.0.0/16:22']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-f3_wildcard_src_specific_dst",
 "timestamp": "2026-03-17T16:19:50Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-f4_specific_src_wildcard_dst.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-f4_specific_src_wildcard_dst.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-f4_specific_src_wildcard_dst.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-f4_specific_src_wildcard_dst.hujson
index b41010ff..2b4e9d41 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-f4_specific_src_wildcard_dst.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-f4_specific_src_wildcard_dst.hujson
@@ -1,3 +1,10 @@
+// ROUTES-f4_specific_src_wildcard_dst
+//
+// ACL: accept: src=['tag:router'] dst=['*:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 12 of 12 nodes
 {
 "test_id": "ROUTES-f4_specific_src_wildcard_dst",
 "timestamp": "2026-03-17T16:20:01Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-f5_bidirectional_subnet_access.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-f5_bidirectional_subnet_access.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-f5_bidirectional_subnet_access.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-f5_bidirectional_subnet_access.hujson
index a3c55539..e431f2b4 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-f5_bidirectional_subnet_access.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-f5_bidirectional_subnet_access.hujson
@@ -1,3 +1,12 @@
+// ROUTES-f5_bidirectional_subnet_access
+//
+// ACLs:
+// accept: src=['autogroup:member'] dst=['10.33.0.0/16:*']
+// accept: src=['10.33.0.0/16'] dst=['autogroup:member:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 5 of 12 nodes
 {
 "test_id": "ROUTES-f5_bidirectional_subnet_access",
 "timestamp": "2026-03-17T16:20:11Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-f6_filter_srcips_expansion.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-f6_filter_srcips_expansion.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-f6_filter_srcips_expansion.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-f6_filter_srcips_expansion.hujson
index f191ae3f..7474b734 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-f6_filter_srcips_expansion.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-f6_filter_srcips_expansion.hujson
@@ -1,3 +1,10 @@
+// ROUTES-f6_filter_srcips_expansion
+//
+// ACL: accept: src=['autogroup:member'] dst=['10.33.0.0/16:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-f6_filter_srcips_expansion",
 "timestamp": "2026-03-17T16:20:22Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-f7_filter_dstports_shows_acl_cidr.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-f7_filter_dstports_shows_acl_cidr.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-f7_filter_dstports_shows_acl_cidr.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-f7_filter_dstports_shows_acl_cidr.hujson
index 18b4284b..4a27a624 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-f7_filter_dstports_shows_acl_cidr.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-f7_filter_dstports_shows_acl_cidr.hujson
@@ -1,3 +1,10 @@
+// ROUTES-f7_filter_dstports_shows_acl_cidr
+//
+// ACL: accept: src=['*'] dst=['10.33.1.0/24:22']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-f7_filter_dstports_shows_acl_cidr",
 "timestamp": "2026-03-17T16:20:32Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-f8_route_enabled_acl_denies.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-f8_route_enabled_acl_denies.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-f8_route_enabled_acl_denies.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-f8_route_enabled_acl_denies.hujson
index e8113746..a9443ded 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-f8_route_enabled_acl_denies.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-f8_route_enabled_acl_denies.hujson
@@ -1,3 +1,10 @@
+// ROUTES-f8_route_enabled_acl_denies
+//
+// ACL: accept: src=['group:empty'] dst=['10.33.0.0/16:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: No filter rules
 {
 "test_id": "ROUTES-f8_route_enabled_acl_denies",
 "timestamp": "2026-03-17T16:20:43Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-f9_route_disabled_acl_allows.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-f9_route_disabled_acl_allows.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-f9_route_disabled_acl_allows.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-f9_route_disabled_acl_allows.hujson
index 7b495d45..29de123c 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-f9_route_disabled_acl_allows.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-f9_route_disabled_acl_allows.hujson
@@ -1,3 +1,10 @@
+// ROUTES-f9_route_disabled_acl_allows
+//
+// ACL: accept: src=['*'] dst=['10.99.0.0/16:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 1 of 12 nodes
 {
 "test_id": "ROUTES-f9_route_disabled_acl_allows",
 "timestamp": "2026-03-17T16:20:54Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-g1_port_restriction_subnet.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-g1_port_restriction_subnet.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-g1_port_restriction_subnet.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-g1_port_restriction_subnet.hujson
index f90f5f66..81e40dbd 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-g1_port_restriction_subnet.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-g1_port_restriction_subnet.hujson
@@ -1,3 +1,10 @@
+// ROUTES-g1_port_restriction_subnet
+//
+// ACL: accept: src=['autogroup:member'] dst=['10.33.0.0/16:22']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-g1_port_restriction_subnet",
 "timestamp": "2026-03-17T16:21:04Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-g2_port_range_subnet.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-g2_port_range_subnet.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-g2_port_range_subnet.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-g2_port_range_subnet.hujson
index faf6e921..03a7108a 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-g2_port_range_subnet.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-g2_port_range_subnet.hujson
@@ -1,3 +1,10 @@
+// ROUTES-g2_port_range_subnet
+//
+// ACL: accept: src=['*'] dst=['10.33.0.0/16:80-443']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-g2_port_range_subnet",
 "timestamp": "2026-03-17T16:21:15Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-g3_multiple_ports_subnet.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-g3_multiple_ports_subnet.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-g3_multiple_ports_subnet.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-g3_multiple_ports_subnet.hujson
index 5fdc7fd9..493814a8 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-g3_multiple_ports_subnet.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-g3_multiple_ports_subnet.hujson
@@ -1,3 +1,10 @@
+// ROUTES-g3_multiple_ports_subnet
+//
+// ACL: accept: src=['*'] dst=['10.33.0.0/16:22,80,443']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-g3_multiple_ports_subnet",
 "timestamp": "2026-03-17T16:21:26Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-g4_protocol_icmp_subnet.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-g4_protocol_icmp_subnet.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-g4_protocol_icmp_subnet.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-g4_protocol_icmp_subnet.hujson
index 0c50a85e..4f9a6bb0 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-g4_protocol_icmp_subnet.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-g4_protocol_icmp_subnet.hujson
@@ -1,3 +1,10 @@
+// ROUTES-g4_protocol_icmp_subnet
+//
+// ACL: accept: src=['*'] dst=['10.33.0.0/16:*'] proto=icmp
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-g4_protocol_icmp_subnet",
 "timestamp": "2026-03-17T16:21:36Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-g5_protocol_tcp_only.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-g5_protocol_tcp_only.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-g5_protocol_tcp_only.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-g5_protocol_tcp_only.hujson
index 0ae337ce..ee34c4fe 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-g5_protocol_tcp_only.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-g5_protocol_tcp_only.hujson
@@ -1,3 +1,10 @@
+// ROUTES-g5_protocol_tcp_only
+//
+// ACL: accept: src=['*'] dst=['10.33.0.0/16:22'] proto=tcp
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-g5_protocol_tcp_only",
 "timestamp": "2026-03-17T16:21:47Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-g6_protocol_udp_only.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-g6_protocol_udp_only.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-g6_protocol_udp_only.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-g6_protocol_udp_only.hujson
index 6f74e2e6..a1903f10 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-g6_protocol_udp_only.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-g6_protocol_udp_only.hujson
@@ -1,3 +1,10 @@
+// ROUTES-g6_protocol_udp_only
+//
+// ACL: accept: src=['*'] dst=['10.33.0.0/16:53'] proto=udp
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-g6_protocol_udp_only",
 "timestamp": "2026-03-17T16:21:58Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-g7_all_ports_wildcard.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-g7_all_ports_wildcard.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-g7_all_ports_wildcard.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-g7_all_ports_wildcard.hujson
index 13c1ade5..688913db 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-g7_all_ports_wildcard.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-g7_all_ports_wildcard.hujson
@@ -1,3 +1,10 @@
+// ROUTES-g7_all_ports_wildcard
+//
+// ACL: accept: src=['autogroup:member'] dst=['10.33.0.0/16:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-g7_all_ports_wildcard",
 "timestamp": "2026-03-17T16:22:08Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-g8_default_ipproto.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-g8_default_ipproto.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-g8_default_ipproto.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-g8_default_ipproto.hujson
index a02e66af..718ddeaa 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-g8_default_ipproto.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-g8_default_ipproto.hujson
@@ -1,3 +1,10 @@
+// ROUTES-g8_default_ipproto
+//
+// ACL: accept: src=['*'] dst=['10.33.0.0/16:22']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-g8_default_ipproto",
 "timestamp": "2026-03-17T16:22:19Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h10_very_small_prefix.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h10_very_small_prefix.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-h10_very_small_prefix.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-h10_very_small_prefix.hujson
index 78ee84c8..0e05c9b5 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h10_very_small_prefix.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h10_very_small_prefix.hujson
@@ -1,3 +1,10 @@
+// ROUTES-h10_very_small_prefix
+//
+// ACL: accept: src=['*'] dst=['10.33.0.100/32:80']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-h10_very_small_prefix",
 "timestamp": "2026-03-17T16:22:30Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h11_ipv6_small_prefix.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h11_ipv6_small_prefix.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-h11_ipv6_small_prefix.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-h11_ipv6_small_prefix.hujson
index 35f45c1b..a1e68b81 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h11_ipv6_small_prefix.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h11_ipv6_small_prefix.hujson
@@ -1,3 +1,10 @@
+// ROUTES-h11_ipv6_small_prefix
+//
+// ACL: accept: src=['*'] dst=['fd00::1/128:443']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: No filter rules
 {
 "test_id": "ROUTES-h11_ipv6_small_prefix",
 "timestamp": "2026-03-17T16:22:40Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h1_wildcard_srcips_format.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h1_wildcard_srcips_format.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-h1_wildcard_srcips_format.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-h1_wildcard_srcips_format.hujson
index e602db12..4d520293 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h1_wildcard_srcips_format.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h1_wildcard_srcips_format.hujson
@@ -1,3 +1,10 @@
+// ROUTES-h1_wildcard_srcips_format
+//
+// ACL: accept: src=['*'] dst=['tag:router:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 3 of 12 nodes
 {
 "test_id": "ROUTES-h1_wildcard_srcips_format",
 "timestamp": "2026-03-17T16:22:51Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h2_wildcard_dstports_format.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h2_wildcard_dstports_format.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-h2_wildcard_dstports_format.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-h2_wildcard_dstports_format.hujson
index bb34ae88..2630bce6 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h2_wildcard_dstports_format.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h2_wildcard_dstports_format.hujson
@@ -1,3 +1,10 @@
+// ROUTES-h2_wildcard_dstports_format
+//
+// ACL: accept: src=['autogroup:member'] dst=['*:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 12 of 12 nodes
 {
 "test_id": "ROUTES-h2_wildcard_dstports_format",
 "timestamp": "2026-03-17T16:23:01Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h3_cgnat_range_expansion.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h3_cgnat_range_expansion.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-h3_cgnat_range_expansion.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-h3_cgnat_range_expansion.hujson
index 49857f2f..ed701784 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h3_cgnat_range_expansion.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h3_cgnat_range_expansion.hujson
@@ -1,3 +1,10 @@
+// ROUTES-h3_cgnat_range_expansion
+//
+// ACL: accept: src=['*'] dst=['tag:router:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 3 of 12 nodes
 {
 "test_id": "ROUTES-h3_cgnat_range_expansion",
 "timestamp": "2026-03-17T16:23:12Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h4_ipv6_range_in_srcips.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h4_ipv6_range_in_srcips.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-h4_ipv6_range_in_srcips.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-h4_ipv6_range_in_srcips.hujson
index ce796e26..f26f2f90 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h4_ipv6_range_in_srcips.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h4_ipv6_range_in_srcips.hujson
@@ -1,3 +1,10 @@
+// ROUTES-h4_ipv6_range_in_srcips
+//
+// ACL: accept: src=['*'] dst=['*:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 12 of 12 nodes
 {
 "test_id": "ROUTES-h4_ipv6_range_in_srcips",
 "timestamp": "2026-03-17T16:23:23Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h5_subnet_overlaps_cgnat.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h5_subnet_overlaps_cgnat.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-h5_subnet_overlaps_cgnat.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-h5_subnet_overlaps_cgnat.hujson
index f9b1f1be..5ca15f58 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h5_subnet_overlaps_cgnat.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h5_subnet_overlaps_cgnat.hujson
@@ -1,3 +1,10 @@
+// ROUTES-h5_subnet_overlaps_cgnat
+//
+// ACL: accept: src=['*'] dst=['100.64.0.0/24:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: No filter rules
 {
 "test_id": "ROUTES-h5_subnet_overlaps_cgnat",
 "timestamp": "2026-03-17T16:23:33Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h6_loopback_routes_not_distributed.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h6_loopback_routes_not_distributed.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-h6_loopback_routes_not_distributed.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-h6_loopback_routes_not_distributed.hujson
index abaed0be..46422317 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h6_loopback_routes_not_distributed.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h6_loopback_routes_not_distributed.hujson
@@ -1,3 +1,10 @@
+// ROUTES-h6_loopback_routes_not_distributed
+//
+// ACL: accept: src=['*'] dst=['127.0.0.1/32:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: No filter rules
 {
 "test_id": "ROUTES-h6_loopback_routes_not_distributed",
 "timestamp": "2026-03-17T16:23:44Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h7_two_nodes_same_subnet.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h7_two_nodes_same_subnet.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-h7_two_nodes_same_subnet.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-h7_two_nodes_same_subnet.hujson
index c41dabaa..7daa7d76 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h7_two_nodes_same_subnet.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h7_two_nodes_same_subnet.hujson
@@ -1,3 +1,10 @@
+// ROUTES-h7_two_nodes_same_subnet
+//
+// ACL: accept: src=['*'] dst=['192.168.1.0/24:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-h7_two_nodes_same_subnet",
 "timestamp": "2026-03-17T16:23:55Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h8_cgnat_overlap_blocked.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h8_cgnat_overlap_blocked.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-h8_cgnat_overlap_blocked.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-h8_cgnat_overlap_blocked.hujson
index aca95c52..db01bcf7 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h8_cgnat_overlap_blocked.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h8_cgnat_overlap_blocked.hujson
@@ -1,3 +1,10 @@
+// ROUTES-h8_cgnat_overlap_blocked
+//
+// ACL: accept: src=['*'] dst=['100.100.0.0/16:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: No filter rules
 {
 "test_id": "ROUTES-h8_cgnat_overlap_blocked",
 "timestamp": "2026-03-17T16:24:05Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h9_large_prefix_works.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h9_large_prefix_works.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-h9_large_prefix_works.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-h9_large_prefix_works.hujson
index 4ba1c93c..0917dfab 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-h9_large_prefix_works.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-h9_large_prefix_works.hujson
@@ -1,3 +1,10 @@
+// ROUTES-h9_large_prefix_works
+//
+// ACL: accept: src=['autogroup:member'] dst=['10.0.0.0/8:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-h9_large_prefix_works",
 "timestamp": "2026-03-17T16:24:16Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-i1_ipv6_subnet_route.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-i1_ipv6_subnet_route.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-i1_ipv6_subnet_route.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-i1_ipv6_subnet_route.hujson
index 7853c87a..61e95f75 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-i1_ipv6_subnet_route.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-i1_ipv6_subnet_route.hujson
@@ -1,3 +1,10 @@
+// ROUTES-i1_ipv6_subnet_route
+//
+// ACL: accept: src=['*'] dst=['*:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 12 of 12 nodes
 {
 "test_id": "ROUTES-i1_ipv6_subnet_route",
 "timestamp": "2026-03-17T16:24:27Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-i2_ipv6_exit_route.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-i2_ipv6_exit_route.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-i2_ipv6_exit_route.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-i2_ipv6_exit_route.hujson
index f773a010..def3a0a8 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-i2_ipv6_exit_route.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-i2_ipv6_exit_route.hujson
@@ -1,3 +1,10 @@
+// ROUTES-i2_ipv6_exit_route
+//
+// ACL: accept: src=['*'] dst=['*:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 12 of 12 nodes
 {
 "test_id": "ROUTES-i2_ipv6_exit_route",
 "timestamp": "2026-03-17T16:24:37Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-i3_ipv6_in_wildcard_srcips.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-i3_ipv6_in_wildcard_srcips.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-i3_ipv6_in_wildcard_srcips.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-i3_ipv6_in_wildcard_srcips.hujson
index 4e3a85b5..f0d15411 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-i3_ipv6_in_wildcard_srcips.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-i3_ipv6_in_wildcard_srcips.hujson
@@ -1,3 +1,10 @@
+// ROUTES-i3_ipv6_in_wildcard_srcips
+//
+// ACL: accept: src=['*'] dst=['tag:router:22']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 3 of 12 nodes
 {
 "test_id": "ROUTES-i3_ipv6_in_wildcard_srcips",
 "timestamp": "2026-03-17T16:24:48Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-i4_ipv6_specific_acl.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-i4_ipv6_specific_acl.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-i4_ipv6_specific_acl.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-i4_ipv6_specific_acl.hujson
index 3d5ab3ce..c1769f4b 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-i4_ipv6_specific_acl.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-i4_ipv6_specific_acl.hujson
@@ -1,3 +1,10 @@
+// ROUTES-i4_ipv6_specific_acl
+//
+// ACL: accept: src=['*'] dst=['fd00:1::/64:443']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: No filter rules
 {
 "test_id": "ROUTES-i4_ipv6_specific_acl",
 "timestamp": "2026-03-17T16:24:59Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-i5_ipv6_parent_child_routes.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-i5_ipv6_parent_child_routes.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-i5_ipv6_parent_child_routes.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-i5_ipv6_parent_child_routes.hujson
index 73b425b8..bc278ef8 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-i5_ipv6_parent_child_routes.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-i5_ipv6_parent_child_routes.hujson
@@ -1,3 +1,10 @@
+// ROUTES-i5_ipv6_parent_child_routes
+//
+// ACL: accept: src=['autogroup:member'] dst=['fd00:1:2::/80:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: No filter rules
 {
 "test_id": "ROUTES-i5_ipv6_parent_child_routes",
 "timestamp": "2026-03-17T16:25:09Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-i6_dual_stack_node.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-i6_dual_stack_node.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-i6_dual_stack_node.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-i6_dual_stack_node.hujson
index 34eabe05..d0dbbafb 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-i6_dual_stack_node.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-i6_dual_stack_node.hujson
@@ -1,3 +1,12 @@
+// ROUTES-i6_dual_stack_node
+//
+// ACLs:
+// accept: src=['*'] dst=['10.33.0.0/16:*']
+// accept: src=['*'] dst=['fd00:1::/64:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-i6_dual_stack_node",
 "timestamp": "2026-03-17T16:25:20Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-i7_ipv6_exit_coverage.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-i7_ipv6_exit_coverage.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-i7_ipv6_exit_coverage.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-i7_ipv6_exit_coverage.hujson
index 37941edc..f4746c49 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-i7_ipv6_exit_coverage.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-i7_ipv6_exit_coverage.hujson
@@ -1,3 +1,10 @@
+// ROUTES-i7_ipv6_exit_coverage
+//
+// ACL: accept: src=['*'] dst=['2001:db8::/32:443']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: No filter rules
 {
 "test_id": "ROUTES-i7_ipv6_exit_coverage",
 "timestamp": "2026-03-17T16:25:31Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o10_acl_dest_covered_by_multiple.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o10_acl_dest_covered_by_multiple.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-o10_acl_dest_covered_by_multiple.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-o10_acl_dest_covered_by_multiple.hujson
index f4ab75ac..8a61f510 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o10_acl_dest_covered_by_multiple.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o10_acl_dest_covered_by_multiple.hujson
@@ -1,3 +1,10 @@
+// ROUTES-o10_acl_dest_covered_by_multiple
+//
+// ACL: accept: src=['*'] dst=['10.33.1.0/24:22']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-o10_acl_dest_covered_by_multiple",
 "timestamp": "2026-03-17T16:25:41Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o11_acl_dest_not_covered.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o11_acl_dest_not_covered.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-o11_acl_dest_not_covered.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-o11_acl_dest_not_covered.hujson
index 8ff7bf47..6431d430 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o11_acl_dest_not_covered.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o11_acl_dest_not_covered.hujson
@@ -1,3 +1,10 @@
+// ROUTES-o11_acl_dest_not_covered
+//
+// ACL: accept: src=['*'] dst=['192.168.99.0/24:22']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: No filter rules
 {
 "test_id": "ROUTES-o11_acl_dest_not_covered",
 "timestamp": "2026-03-17T16:25:52Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o12_filter_dest_is_acl_cidr.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o12_filter_dest_is_acl_cidr.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-o12_filter_dest_is_acl_cidr.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-o12_filter_dest_is_acl_cidr.hujson
index 085417ec..6423a3ab 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o12_filter_dest_is_acl_cidr.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o12_filter_dest_is_acl_cidr.hujson
@@ -1,3 +1,10 @@
+// ROUTES-o12_filter_dest_is_acl_cidr
+//
+// ACL: accept: src=['*'] dst=['10.33.1.0/24:22']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-o12_filter_dest_is_acl_cidr",
 "timestamp": "2026-03-17T16:26:03Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o1_overlapping_routes_not_merged.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o1_overlapping_routes_not_merged.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-o1_overlapping_routes_not_merged.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-o1_overlapping_routes_not_merged.hujson
index a56aa161..676eb701 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o1_overlapping_routes_not_merged.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o1_overlapping_routes_not_merged.hujson
@@ -1,3 +1,10 @@
+// ROUTES-o1_overlapping_routes_not_merged
+//
+// ACL: accept: src=['*'] dst=['*:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 12 of 12 nodes
 {
 "test_id": "ROUTES-o1_overlapping_routes_not_merged",
 "timestamp": "2026-03-17T16:26:13Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o2_ha_routers_both_get_filter.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o2_ha_routers_both_get_filter.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-o2_ha_routers_both_get_filter.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-o2_ha_routers_both_get_filter.hujson
index f8cedc7e..b9c36414 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o2_ha_routers_both_get_filter.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o2_ha_routers_both_get_filter.hujson
@@ -1,3 +1,10 @@
+// ROUTES-o2_ha_routers_both_get_filter
+//
+// ACL: accept: src=['*'] dst=['192.168.1.0/24:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-o2_ha_routers_both_get_filter",
 "timestamp": "2026-03-17T16:26:24Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o3_parent_child_different_nodes.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o3_parent_child_different_nodes.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-o3_parent_child_different_nodes.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-o3_parent_child_different_nodes.hujson
index de3a20d5..51c81fc1 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o3_parent_child_different_nodes.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o3_parent_child_different_nodes.hujson
@@ -1,3 +1,10 @@
+// ROUTES-o3_parent_child_different_nodes
+//
+// ACL: accept: src=['*'] dst=['10.33.1.0/24:22']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-o3_parent_child_different_nodes",
 "timestamp": "2026-03-17T16:26:34Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o4_three_way_hierarchy.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o4_three_way_hierarchy.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-o4_three_way_hierarchy.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-o4_three_way_hierarchy.hujson
index 3b6a5711..98c96d86 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o4_three_way_hierarchy.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o4_three_way_hierarchy.hujson
@@ -1,3 +1,10 @@
+// ROUTES-o4_three_way_hierarchy
+//
+// ACL: accept: src=['*'] dst=['10.33.1.128/25:22']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-o4_three_way_hierarchy",
 "timestamp": "2026-03-17T16:26:45Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o5_sibling_routes_with_parent_acl.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o5_sibling_routes_with_parent_acl.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-o5_sibling_routes_with_parent_acl.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-o5_sibling_routes_with_parent_acl.hujson
index d81e9aca..0c197bbf 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o5_sibling_routes_with_parent_acl.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o5_sibling_routes_with_parent_acl.hujson
@@ -1,3 +1,10 @@
+// ROUTES-o5_sibling_routes_with_parent_acl
+//
+// ACL: accept: src=['*'] dst=['10.0.0.0/8:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-o5_sibling_routes_with_parent_acl",
 "timestamp": "2026-03-17T16:26:56Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o6_exit_route_expands_filter_dist.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o6_exit_route_expands_filter_dist.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-o6_exit_route_expands_filter_dist.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-o6_exit_route_expands_filter_dist.hujson
index 010fc6f4..df5dc5bc 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o6_exit_route_expands_filter_dist.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o6_exit_route_expands_filter_dist.hujson
@@ -1,3 +1,10 @@
+// ROUTES-o6_exit_route_expands_filter_dist
+//
+// ACL: accept: src=['*'] dst=['8.8.8.0/24:53']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: No filter rules
 {
 "test_id": "ROUTES-o6_exit_route_expands_filter_dist",
 "timestamp": "2026-03-17T16:27:06Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o7_specific_ip_targeting.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o7_specific_ip_targeting.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-o7_specific_ip_targeting.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-o7_specific_ip_targeting.hujson
index ef57da1c..d9457e6a 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o7_specific_ip_targeting.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o7_specific_ip_targeting.hujson
@@ -1,3 +1,10 @@
+// ROUTES-o7_specific_ip_targeting
+//
+// ACL: accept: src=['*'] dst=['10.33.0.100/32:80']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-o7_specific_ip_targeting",
 "timestamp": "2026-03-17T16:27:17Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o8_same_node_overlapping_routes.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o8_same_node_overlapping_routes.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-o8_same_node_overlapping_routes.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-o8_same_node_overlapping_routes.hujson
index 217fdf9a..cf069c6c 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o8_same_node_overlapping_routes.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o8_same_node_overlapping_routes.hujson
@@ -1,3 +1,10 @@
+// ROUTES-o8_same_node_overlapping_routes
+//
+// ACL: accept: src=['*'] dst=['10.33.1.0/24:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-o8_same_node_overlapping_routes",
 "timestamp": "2026-03-17T16:27:28Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o9_different_nodes_same_route.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o9_different_nodes_same_route.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-o9_different_nodes_same_route.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-o9_different_nodes_same_route.hujson
index 964f1274..40929db3 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-o9_different_nodes_same_route.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-o9_different_nodes_same_route.hujson
@@ -1,3 +1,10 @@
+// ROUTES-o9_different_nodes_same_route
+//
+// ACL: accept: src=['autogroup:member'] dst=['192.168.1.0/24:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-o9_different_nodes_same_route",
 "timestamp": "2026-03-17T16:27:38Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-r1_exit_covers_external_dest.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-r1_exit_covers_external_dest.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-r1_exit_covers_external_dest.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-r1_exit_covers_external_dest.hujson
index 81c52f49..5cea70b1 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-r1_exit_covers_external_dest.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-r1_exit_covers_external_dest.hujson
@@ -1,3 +1,10 @@
+// ROUTES-r1_exit_covers_external_dest
+//
+// ACL: accept: src=['*'] dst=['8.8.8.0/24:53']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: No filter rules
 {
 "test_id": "ROUTES-r1_exit_covers_external_dest",
 "timestamp": "2026-03-17T16:27:49Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-r2_parent_route_covers_child_dest.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-r2_parent_route_covers_child_dest.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-r2_parent_route_covers_child_dest.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-r2_parent_route_covers_child_dest.hujson
index 373e4ad5..e22054b0 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-r2_parent_route_covers_child_dest.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-r2_parent_route_covers_child_dest.hujson
@@ -1,3 +1,10 @@
+// ROUTES-r2_parent_route_covers_child_dest
+//
+// ACL: accept: src=['*'] dst=['10.33.1.0/24:22']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-r2_parent_route_covers_child_dest",
 "timestamp": "2026-03-17T16:27:59Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-r3_sibling_routes_no_coverage.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-r3_sibling_routes_no_coverage.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-r3_sibling_routes_no_coverage.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-r3_sibling_routes_no_coverage.hujson
index 26b861cf..8cef74f9 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-r3_sibling_routes_no_coverage.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-r3_sibling_routes_no_coverage.hujson
@@ -1,3 +1,10 @@
+// ROUTES-r3_sibling_routes_no_coverage
+//
+// ACL: accept: src=['*'] dst=['10.34.0.0/16:22']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 1 of 12 nodes
 {
 "test_id": "ROUTES-r3_sibling_routes_no_coverage",
 "timestamp": "2026-03-17T16:28:10Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-r4_exact_match_route.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-r4_exact_match_route.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-r4_exact_match_route.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-r4_exact_match_route.hujson
index 95a8d507..1f0bbb9c 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-r4_exact_match_route.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-r4_exact_match_route.hujson
@@ -1,3 +1,10 @@
+// ROUTES-r4_exact_match_route
+//
+// ACL: accept: src=['*'] dst=['10.33.0.0/16:22']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-r4_exact_match_route",
 "timestamp": "2026-03-17T16:28:21Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-r5_route_coverage_check_logic.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-r5_route_coverage_check_logic.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-r5_route_coverage_check_logic.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-r5_route_coverage_check_logic.hujson
index 7b25d772..a116a974 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-r5_route_coverage_check_logic.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-r5_route_coverage_check_logic.hujson
@@ -1,3 +1,10 @@
+// ROUTES-r5_route_coverage_check_logic
+//
+// ACL: accept: src=['*'] dst=['10.33.1.0/24:22']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-r5_route_coverage_check_logic",
 "timestamp": "2026-03-17T16:28:31Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-r6_ipv6_route_coverage.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-r6_ipv6_route_coverage.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-r6_ipv6_route_coverage.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-r6_ipv6_route_coverage.hujson
index 0e5f5e12..f0edb840 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-r6_ipv6_route_coverage.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-r6_ipv6_route_coverage.hujson
@@ -1,3 +1,10 @@
+// ROUTES-r6_ipv6_route_coverage
+//
+// ACL: accept: src=['*'] dst=['fd7a:115c:a1e0::1/128:443']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: No filter rules
 {
 "test_id": "ROUTES-r6_ipv6_route_coverage",
 "timestamp": "2026-03-17T16:28:42Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-r7_exit_ipv6_coverage.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-r7_exit_ipv6_coverage.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-r7_exit_ipv6_coverage.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-r7_exit_ipv6_coverage.hujson
index bc8286d5..821a3f04 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-r7_exit_ipv6_coverage.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-r7_exit_ipv6_coverage.hujson
@@ -1,3 +1,10 @@
+// ROUTES-r7_exit_ipv6_coverage
+//
+// ACL: accept: src=['*'] dst=['2001:db8::1/128:443']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: No filter rules
 {
 "test_id": "ROUTES-r7_exit_ipv6_coverage",
 "timestamp": "2026-03-17T16:28:53Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-r8_mixed_ipv4_ipv6_coverage.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-r8_mixed_ipv4_ipv6_coverage.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-r8_mixed_ipv4_ipv6_coverage.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-r8_mixed_ipv4_ipv6_coverage.hujson
index 74210ffd..e8a67266 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-r8_mixed_ipv4_ipv6_coverage.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-r8_mixed_ipv4_ipv6_coverage.hujson
@@ -1,3 +1,10 @@
+// ROUTES-r8_mixed_ipv4_ipv6_coverage
+//
+// ACL: accept: src=['*'] dst=['10.33.0.0/16:*', 'fd7a:115c:a1e0::/64:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 12 of 12 nodes
 {
 "test_id": "ROUTES-r8_mixed_ipv4_ipv6_coverage",
 "timestamp": "2026-03-17T16:29:03Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-t1_tags_resolve_to_ips_not_routes.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-t1_tags_resolve_to_ips_not_routes.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-t1_tags_resolve_to_ips_not_routes.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-t1_tags_resolve_to_ips_not_routes.hujson
index e6dd662e..db23c864 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-t1_tags_resolve_to_ips_not_routes.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-t1_tags_resolve_to_ips_not_routes.hujson
@@ -1,3 +1,10 @@
+// ROUTES-t1_tags_resolve_to_ips_not_routes
+//
+// ACL: accept: src=['tag:router'] dst=['tag:router:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 3 of 12 nodes
 {
 "test_id": "ROUTES-t1_tags_resolve_to_ips_not_routes",
 "timestamp": "2026-03-17T16:29:14Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-t2_tag_to_tag_with_exit.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-t2_tag_to_tag_with_exit.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-t2_tag_to_tag_with_exit.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-t2_tag_to_tag_with_exit.hujson
index 459867e6..1acb126b 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-t2_tag_to_tag_with_exit.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-t2_tag_to_tag_with_exit.hujson
@@ -1,3 +1,10 @@
+// ROUTES-t2_tag_to_tag_with_exit
+//
+// ACL: accept: src=['tag:exit'] dst=['tag:exit:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-t2_tag_to_tag_with_exit",
 "timestamp": "2026-03-17T16:29:24Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-t3_tag_src_includes_all_tagged.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-t3_tag_src_includes_all_tagged.hujson
similarity index 98%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-t3_tag_src_includes_all_tagged.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-t3_tag_src_includes_all_tagged.hujson
index f39aeab8..81fcbfce 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-t3_tag_src_includes_all_tagged.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-t3_tag_src_includes_all_tagged.hujson
@@ -1,3 +1,10 @@
+// ROUTES-t3_tag_src_includes_all_tagged
+//
+// ACL: accept: src=['tag:router'] dst=['*:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 12 of 12 nodes
 {
 "test_id": "ROUTES-t3_tag_src_includes_all_tagged",
 "timestamp": "2026-03-17T16:29:35Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-t4_tag_dst_includes_all_tagged.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-t4_tag_dst_includes_all_tagged.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-t4_tag_dst_includes_all_tagged.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-t4_tag_dst_includes_all_tagged.hujson
index b44810d6..aa70366a 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-t4_tag_dst_includes_all_tagged.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-t4_tag_dst_includes_all_tagged.hujson
@@ -1,3 +1,10 @@
+// ROUTES-t4_tag_dst_includes_all_tagged
+//
+// ACL: accept: src=['*'] dst=['tag:ha:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-t4_tag_dst_includes_all_tagged",
 "timestamp": "2026-03-17T16:29:46Z",
diff --git a/hscontrol/policy/v2/testdata/routes_results/ROUTES-t5_multi_tag_node_in_both.json b/hscontrol/policy/v2/testdata/routes_results/ROUTES-t5_multi_tag_node_in_both.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/routes_results/ROUTES-t5_multi_tag_node_in_both.json
rename to hscontrol/policy/v2/testdata/routes_results/ROUTES-t5_multi_tag_node_in_both.hujson
index 7646936d..0d07755d 100644
--- a/hscontrol/policy/v2/testdata/routes_results/ROUTES-t5_multi_tag_node_in_both.json
+++ b/hscontrol/policy/v2/testdata/routes_results/ROUTES-t5_multi_tag_node_in_both.hujson
@@ -1,3 +1,10 @@
+// ROUTES-t5_multi_tag_node_in_both
+//
+// ACL: accept: src=['tag:router'] dst=['tag:exit:*']
+//
+// Routers: 6 nodes with routes
+//
+// Expected: Rules on 2 of 12 nodes
 {
 "test_id": "ROUTES-t5_multi_tag_node_in_both",
 "timestamp": "2026-03-17T16:29:56Z",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-A1.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-A1.hujson
similarity index 91%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-A1.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-A1.hujson
index 7313deab..da6caf84 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-A1.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-A1.hujson
@@ -1,3 +1,8 @@
+// SSH-A1
+//
+// SSH: accept: src=['autogroup:member'] dst=['autogroup:self'] users=['root']
+//
+// Expected: SSH rules on 3 of 5 nodes
 {
 "test_id": "SSH-A1",
 "policy_file": "ssh_policies/ssh_a1.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-A2.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-A2.hujson
similarity index 91%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-A2.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-A2.hujson
index a9151058..8ee9db20 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-A2.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-A2.hujson
@@ -1,3 +1,8 @@
+// SSH-A2
+//
+// SSH: accept: src=['autogroup:member'] dst=['autogroup:self'] users=['autogroup:nonroot']
+//
+// Expected: SSH rules on 3 of 5 nodes
 {
 "test_id": "SSH-A2",
 "policy_file": "ssh_policies/ssh_a2.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-A3.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-A3.hujson
similarity index 91%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-A3.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-A3.hujson
index 85ab9637..26544aa0 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-A3.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-A3.hujson
@@ -1,3 +1,8 @@
+// SSH-A3
+//
+// SSH: accept: src=['autogroup:member'] dst=['autogroup:self'] users=['root', 'autogroup:nonroot']
+//
+// Expected: SSH rules on 3 of 5 nodes
 {
 "test_id": "SSH-A3",
 "policy_file": "ssh_policies/ssh_a3.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-A4.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-A4.hujson
similarity index 88%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-A4.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-A4.hujson
index 5a50b980..17af8ada 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-A4.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-A4.hujson
@@ -1,3 +1,8 @@
+// SSH-A4
+//
+// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['ubuntu']
+//
+// Expected: SSH rules on 1 of 5 nodes
 {
 "test_id": "SSH-A4",
 "policy_file": "ssh_policies/ssh_a4.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-A5.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-A5.hujson
similarity index 87%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-A5.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-A5.hujson
index 326255bb..74b2162a 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-A5.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-A5.hujson
@@ -1,3 +1,8 @@
+// SSH-A5
+//
+// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['root', 'ubuntu']
+//
+// Expected: SSH rules on 1 of 5 nodes
 {
 "test_id": "SSH-A5",
 "policy_file": "ssh_policies/ssh_a5.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-A6.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-A6.hujson
similarity index 94%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-A6.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-A6.hujson
index 542396c1..7e585c3d 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-A6.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-A6.hujson
@@ -1,3 +1,8 @@
+// SSH-A6
+//
+// SSH: check: src=['autogroup:member'] dst=['autogroup:self'] users=['root']
+//
+// Expected: SSH rules on 3 of 5 nodes
 {
 "test_id": "SSH-A6",
 "policy_file": "ssh_policies/ssh_a6.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-A7.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-A7.hujson
similarity index 94%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-A7.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-A7.hujson
index 9e73aba4..1038cfa6 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-A7.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-A7.hujson
@@ -1,3 +1,8 @@
+// SSH-A7
+//
+// SSH: check: src=['autogroup:member'] dst=['autogroup:self'] users=['root']
+//
+// Expected: SSH rules on 3 of 5 nodes
 {
 "test_id": "SSH-A7",
 "policy_file": "ssh_policies/ssh_a7.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-A8.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-A8.hujson
similarity index 94%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-A8.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-A8.hujson
index 097a8516..580db59d 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-A8.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-A8.hujson
@@ -1,3 +1,8 @@
+// SSH-A8
+//
+// SSH: check: src=['autogroup:member'] dst=['autogroup:self'] users=['root']
+//
+// Expected: SSH rules on 3 of 5 nodes
 {
 "test_id": "SSH-A8",
 "policy_file": "ssh_policies/ssh_a8.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-B1.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-B1.hujson
similarity index 84%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-B1.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-B1.hujson
index e68797cb..ca8f6cb4 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-B1.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-B1.hujson
@@ -1,3 +1,8 @@
+// SSH-B1
+//
+// SSH: accept: src=['kristoffer@dalby.cc'] dst=['tag:server'] users=['root']
+//
+// Expected: SSH rules on 1 of 5 nodes
 {
 "test_id": "SSH-B1",
 "policy_file": "ssh_policies/ssh_b1.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-B2.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-B2.hujson
similarity index 87%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-B2.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-B2.hujson
index 46eb8aa3..e1256da2 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-B2.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-B2.hujson
@@ -1,3 +1,8 @@
+// SSH-B2
+//
+// SSH: accept: src=['group:developers'] dst=['tag:server'] users=['root']
+//
+// Expected: SSH rules on 1 of 5 nodes
 {
 "test_id": "SSH-B2",
 "policy_file": "ssh_policies/ssh_b2.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-B3.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-B3.hujson
similarity index 85%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-B3.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-B3.hujson
index 765a4d53..a2492011 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-B3.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-B3.hujson
@@ -1,3 +1,8 @@
+// SSH-B3
+//
+// SSH: accept: src=['tag:prod'] dst=['tag:server'] users=['root']
+//
+// Expected: SSH rules on 1 of 5 nodes
 {
 "test_id": "SSH-B3",
 "policy_file": "ssh_policies/ssh_b3.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-B5.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-B5.hujson
similarity index 87%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-B5.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-B5.hujson
index 279217b7..1b2db59c 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-B5.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-B5.hujson
@@ -1,3 +1,8 @@
+// SSH-B5
+//
+// SSH: accept: src=['user:*@passkey'] dst=['tag:server'] users=['root']
+//
+// Expected: SSH rules on 1 of 5 nodes
 {
 "test_id": "SSH-B5",
 "policy_file": "ssh_policies/ssh_b5.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-B6.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-B6.hujson
similarity index 87%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-B6.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-B6.hujson
index b4cf7914..3fb7470f 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-B6.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-B6.hujson
@@ -1,3 +1,8 @@
+// SSH-B6
+//
+// SSH: accept: src=['autogroup:tagged'] dst=['tag:server'] users=['root']
+//
+// Expected: SSH rules on 1 of 5 nodes
 {
 "test_id": "SSH-B6",
 "policy_file": "ssh_policies/ssh_b6.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-C1.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-C1.hujson
similarity index 91%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-C1.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-C1.hujson
index c95409f1..b4971778 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-C1.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-C1.hujson
@@ -1,3 +1,8 @@
+// SSH-C1
+//
+// SSH: accept: src=['autogroup:member'] dst=['autogroup:self'] users=['root']
+//
+// Expected: SSH rules on 3 of 5 nodes
 {
 "test_id": "SSH-C1",
 "policy_file": "ssh_policies/ssh_c1.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-C2.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-C2.hujson
similarity index 88%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-C2.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-C2.hujson
index 21f3722b..48aba4dc 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-C2.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-C2.hujson
@@ -1,3 +1,8 @@
+// SSH-C2
+//
+// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['root']
+//
+// Expected: SSH rules on 1 of 5 nodes
 {
 "test_id": "SSH-C2",
 "policy_file": "ssh_policies/ssh_c2.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-C3.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-C3.hujson
similarity index 84%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-C3.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-C3.hujson
index 6c8a651a..ece60647 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-C3.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-C3.hujson
@@ -1,3 +1,8 @@
+// SSH-C3
+//
+// SSH: accept: src=['kristoffer@dalby.cc'] dst=['kristoffer@dalby.cc'] users=['root']
+//
+// Expected: SSH rules on 1 of 5 nodes
 {
 "test_id": "SSH-C3",
 "policy_file": "ssh_policies/ssh_c3.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-C4.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-C4.hujson
similarity index 91%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-C4.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-C4.hujson
index 14edec5a..c42c1e0d 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-C4.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-C4.hujson
@@ -1,3 +1,8 @@
+// SSH-C4
+//
+// SSH: accept: src=['autogroup:member'] dst=['tag:server', 'tag:prod'] users=['root']
+//
+// Expected: SSH rules on 2 of 5 nodes
 {
 "test_id": "SSH-C4",
 "policy_file": "ssh_policies/ssh_c4.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-D10.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-D10.hujson
similarity index 95%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-D10.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-D10.hujson
index ae37ff0c..365d6167 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-D10.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-D10.hujson
@@ -1,3 +1,8 @@
+// SSH-D10
+//
+// SSH: accept: src=['user:*@passkey'] dst=['tag:server'] users=['localpart:*@passkey']
+//
+// Expected: SSH rules on 3 of 5 nodes
 {
 "test_id": "SSH-D10",
 "policy_file": "ssh_policies/ssh_d10.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-D11.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-D11.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-D11.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-D11.hujson
index f87426ef..bb35c9f1 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-D11.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-D11.hujson
@@ -1,3 +1,8 @@
+// SSH-D11
+//
+// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey', 'ubuntu']
+//
+// Expected: SSH rules on 4 of 5 nodes
 {
 "test_id": "SSH-D11",
 "policy_file": "ssh_policies/ssh_d11.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-D12.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-D12.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-D12.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-D12.hujson
index 197d9668..83f81a45 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-D12.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-D12.hujson
@@ -1,3 +1,8 @@
+// SSH-D12
+//
+// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey', 'ubuntu']
+//
+// Expected: SSH rules on 4 of 5 nodes
 {
 "test_id": "SSH-D12",
 "policy_file": "ssh_policies/ssh_d12.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-D2.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-D2.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-D2.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-D2.hujson
index 20c79efd..b7aeaca2 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-D2.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-D2.hujson
@@ -1,3 +1,8 @@
+// SSH-D2
+//
+// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey']
+//
+// Expected: SSH rules on 4 of 5 nodes
 {
 "test_id": "SSH-D2",
 "policy_file": "ssh_policies/ssh_d2.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-D3.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-D3.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-D3.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-D3.hujson
index a8fc399c..890544c9 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-D3.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-D3.hujson
@@ -1,3 +1,8 @@
+// SSH-D3
+//
+// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey', 'root']
+//
+// Expected: SSH rules on 4 of 5 nodes
 {
 "test_id": "SSH-D3",
 "policy_file": "ssh_policies/ssh_d3.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-D4.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-D4.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-D4.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-D4.hujson
index 5a7dc71c..34e072df 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-D4.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-D4.hujson
@@ -1,3 +1,8 @@
+// SSH-D4
+//
+// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey', 'autogroup:nonroot']
+//
+// Expected: SSH rules on 4 of 5 nodes
 {
 "test_id": "SSH-D4",
 "policy_file": "ssh_policies/ssh_d4.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-D5.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-D5.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-D5.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-D5.hujson
index f9a4f5f4..1f128483 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-D5.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-D5.hujson
@@ -1,3 +1,8 @@
+// SSH-D5
+//
+// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey', 'root', 'autogroup:nonroot']
+//
+// Expected: SSH rules on 4 of 5 nodes
 {
 "test_id": "SSH-D5",
 "policy_file": "ssh_policies/ssh_d5.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-D6.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-D6.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-D6.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-D6.hujson
index d11f4a3c..d744cf01 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-D6.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-D6.hujson
@@ -1,3 +1,8 @@
+// SSH-D6
+//
+// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey', 'autogroup:nonroot']
+//
+// Expected: SSH rules on 4 of 5 nodes
 {
 "test_id": "SSH-D6",
 "policy_file": "ssh_policies/ssh_d6.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-D7.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-D7.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-D7.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-D7.hujson
index 84dcbce4..23f18267 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-D7.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-D7.hujson
@@ -1,3 +1,8 @@
+// SSH-D7
+//
+// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey', 'root', 'autogroup:nonroot']
+//
+// Expected: SSH rules on 4 of 5 nodes
 {
 "test_id": "SSH-D7",
 "policy_file": "ssh_policies/ssh_d7.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-D8.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-D8.hujson
similarity index 93%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-D8.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-D8.hujson
index 9242e93c..866b1bf2 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-D8.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-D8.hujson
@@ -1,3 +1,8 @@
+// SSH-D8
+//
+// SSH: accept: src=['autogroup:member'] dst=['autogroup:self'] users=['localpart:*@passkey']
+//
+// Expected: SSH rules on 3 of 5 nodes
 {
 "test_id": "SSH-D8",
 "policy_file": "ssh_policies/ssh_d8.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-D9.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-D9.hujson
similarity index 93%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-D9.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-D9.hujson
index 7abd3b71..0144c546 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-D9.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-D9.hujson
@@ -1,3 +1,8 @@
+// SSH-D9
+//
+// SSH: accept: src=['autogroup:member'] dst=['autogroup:self'] users=['localpart:*@passkey', 'root']
+//
+// Expected: SSH rules on 3 of 5 nodes
 {
 "test_id": "SSH-D9",
 "policy_file": "ssh_policies/ssh_d9.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-E3.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-E3.hujson
similarity index 80%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-E3.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-E3.hujson
index 3585b996..9f644ef0 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-E3.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-E3.hujson
@@ -1,3 +1,8 @@
+// SSH-E3
+//
+// SSH: (no SSH rules)
+//
+// Expected: No SSH rules
 {
 "test_id": "SSH-E3",
 "policy_file": "ssh_policies/ssh_e3.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-E4.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-E4.hujson
similarity index 81%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-E4.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-E4.hujson
index 645d8d0f..d1a9279a 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-E4.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-E4.hujson
@@ -1,3 +1,8 @@
+// SSH-E4
+//
+// SSH: (no SSH rules)
+//
+// Expected: No SSH rules
 {
 "test_id": "SSH-E4",
 "policy_file": "ssh_policies/ssh_e4.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-E5.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-E5.hujson
similarity index 89%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-E5.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-E5.hujson
index 94f67545..469f86cc 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-E5.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-E5.hujson
@@ -1,3 +1,8 @@
+// SSH-E5
+//
+// SSH: accept: src=['tag:prod'] dst=['tag:server'] users=['localpart:*@passkey']
+//
+// Expected: SSH rules on 2 of 5 nodes
 {
 "test_id": "SSH-E5",
 "policy_file": "ssh_policies/ssh_e5.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-E6.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-E6.hujson
similarity index 97%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-E6.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-E6.hujson
index 8dfd5f97..733d422d 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-E6.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-E6.hujson
@@ -1,3 +1,8 @@
+// SSH-E6
+//
+// SSH: check: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey']
+//
+// Expected: SSH rules on 4 of 5 nodes
 {
 "test_id": "SSH-E6",
 "policy_file": "ssh_policies/ssh_e6.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-F1.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-F1.hujson
similarity index 90%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-F1.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-F1.hujson
index 47bd1356..5d540dfa 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-F1.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-F1.hujson
@@ -1,3 +1,10 @@
+// SSH-F1
+//
+// SSH rules:
+// accept: src=['autogroup:member'] dst=['autogroup:self'] users=['root']
+// accept: src=['autogroup:member'] dst=['tag:server'] users=['autogroup:nonroot']
+//
+// Expected: SSH rules on 4 of 5 nodes
 {
 "test_id": "SSH-F1",
 "policy_file": "ssh_policies/ssh_f1.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-F2.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-F2.hujson
similarity index 91%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-F2.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-F2.hujson
index 61bc3b4b..ad227cdc 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-F2.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-F2.hujson
@@ -1,3 +1,10 @@
+// SSH-F2
+//
+// SSH rules:
+// accept: src=['autogroup:member'] dst=['tag:server'] users=['root']
+// check: src=['autogroup:member'] dst=['tag:server'] users=['root']
+//
+// Expected: SSH rules on 1 of 5 nodes
 {
 "test_id": "SSH-F2",
 "policy_file": "ssh_policies/ssh_f2.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-F3.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-F3.hujson
similarity index 95%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-F3.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-F3.hujson
index d16f5f31..12d1f748 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-F3.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-F3.hujson
@@ -1,3 +1,10 @@
+// SSH-F3
+//
+// SSH rules:
+// accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey']
+// accept: src=['autogroup:member'] dst=['tag:server'] users=['root']
+//
+// Expected: SSH rules on 4 of 5 nodes
 {
 "test_id": "SSH-F3",
 "policy_file": "ssh_policies/ssh_f3.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-F4.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-F4.hujson
similarity index 95%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-F4.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-F4.hujson
index 43dc27dc..206392c6 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-F4.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-F4.hujson
@@ -1,3 +1,10 @@
+// SSH-F4
+//
+// SSH rules:
+// accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey']
+// accept: src=['autogroup:member'] dst=['tag:server'] users=['autogroup:nonroot']
+//
+// Expected: SSH rules on 4 of 5 nodes
 {
 "test_id": "SSH-F4",
 "policy_file": "ssh_policies/ssh_f4.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-F5.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-F5.hujson
similarity index 96%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-F5.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-F5.hujson
index 9065a0f7..f0dc1bfa 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-F5.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-F5.hujson
@@ -1,3 +1,10 @@
+// SSH-F5
+//
+// SSH rules:
+// accept: src=['autogroup:member'] dst=['autogroup:self'] users=['localpart:*@passkey']
+// accept: src=['autogroup:member'] dst=['tag:server'] users=['localpart:*@passkey']
+//
+// Expected: SSH rules on 4 of 5 nodes
 {
 "test_id": "SSH-F5",
 "policy_file": "ssh_policies/ssh_f5.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-G1.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-G1.hujson
similarity index 89%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-G1.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-G1.hujson
index 153dd354..d355fbab 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-G1.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-G1.hujson
@@ -1,3 +1,8 @@
+// SSH-G1
+//
+// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['root']
+//
+// Expected: SSH rules on 1 of 5 nodes
 {
 "test_id": "SSH-G1",
 "policy_file": "ssh_policies/ssh_g1.json",
diff --git a/hscontrol/policy/v2/testdata/ssh_results/SSH-G2.json b/hscontrol/policy/v2/testdata/ssh_results/SSH-G2.hujson
similarity index 89%
rename from hscontrol/policy/v2/testdata/ssh_results/SSH-G2.json
rename to hscontrol/policy/v2/testdata/ssh_results/SSH-G2.hujson
index fb6fbcf6..a891b8a6 100644
--- a/hscontrol/policy/v2/testdata/ssh_results/SSH-G2.json
+++ b/hscontrol/policy/v2/testdata/ssh_results/SSH-G2.hujson
@@ -1,3 +1,8 @@ +// SSH-G2 +// +// SSH: accept: src=['autogroup:member'] dst=['tag:server'] users=['root'] +// +// Expected: SSH rules on 1 of 5 nodes { "test_id": "SSH-G2", "policy_file": "ssh_policies/ssh_g2.json", diff --git a/hscontrol/servertest/via_compat_test.go b/hscontrol/servertest/via_compat_test.go index fba2de7b..b1a7972f 100644 --- a/hscontrol/servertest/via_compat_test.go +++ b/hscontrol/servertest/via_compat_test.go @@ -14,6 +14,7 @@ import ( "github.com/juanfont/headscale/hscontrol/servertest" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "github.com/tailscale/hujson" "tailscale.com/tailcfg" "tailscale.com/types/netmap" ) @@ -81,6 +82,20 @@ var viaCompatTests = []struct { // The comparison is IP-independent: it validates peer visibility, route // prefixes in AllowedIPs, and PrimaryRoutes — not literal Tailscale IP // addresses which differ between Tailscale SaaS and headscale allocation. +// +// CROSS-DEPENDENCY WARNING: +// This test reads golden files from ../policy/v2/testdata/grant_results/ +// (specifically GRANT-V29, V30, V31, V36). These files are shared with +// TestGrantsCompat in the policy/v2 package. Any changes to the file +// format, field structure, or naming must be coordinated with BOTH tests. +// +// Fields consumed by this test (but NOT by TestGrantsCompat): +// - captures[name].netmap (Peers, AllowedIPs, PrimaryRoutes, PacketFilterRules) +// - topology.nodes[name].tags (used for servertest node creation) +// +// Fields consumed by TestGrantsCompat (but NOT by this test): +// - captures[name].packet_filter_rules (golden filter rule comparison) +// - input.api_response_code/body (error case handling) func TestViaGrantMapCompat(t *testing.T) { t.Parallel() 
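Review bot: The added CROSS-DEPENDENCY WARNING on `TestViaGrantMapCompat` names the shared golden files by hand (`GRANT-V29, V30, V31, V36`), and that list will go stale as soon as the `viaCompatTests` table changes; the table is outside this hunk, so I am assuming it is the source of truth for which files are read. I would point the comment at the table instead, for example `// This test reads the golden files listed in viaCompatTests from`. Nothing enforces the coordination the comment asks for, so a matching note on `TestGrantsCompat` would help a maintainer who edits these files from the policy/v2 side.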
@@ -89,13 +104,17 @@ func TestViaGrantMapCompat(t *testing.T) { t.Parallel() path := filepath.Join( - "..", "policy", "v2", "testdata", "grant_results", tc.id+".json", + "..", "policy", "v2", "testdata", "grant_results", tc.id+".hujson", ) data, err := os.ReadFile(path) require.NoError(t, err, "failed to read golden file %s", path) + ast, err := hujson.Parse(data) + require.NoError(t, err, "failed to parse HuJSON in %s", path) + ast.Standardize() + var gf goldenFile - require.NoError(t, json.Unmarshal(data, &gf)) + require.NoError(t, json.Unmarshal(ast.Pack(), &gf)) if gf.Error { t.Skipf("test %s is an error case", tc.id)
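Review bot: The new unmarshal assertion `require.NoError(t, json.Unmarshal(ast.Pack(), &gf))` carries no message, so a golden file that parses as HuJSON but does not fit `goldenFile` fails without naming the file, unlike the read and parse steps just above it. I would write `require.NoError(t, json.Unmarshal(ast.Pack(), &gf), "failed to unmarshal golden file %s", path)`, which matches the wording the other loaders in this commit use. The parse / `Standardize()` / `Pack()` sequence is also repeated at each loader; `hujson.Standardize(data)` returns the standardized bytes in one call and would shorten every site. The subtest body starts before and continues past this hunk.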